Linux – LDAP uniqueMember attribute not recognised in linux

The dc style generally indicates a dns-based LDAP tree of some kind. This is the style Active Directory (AD) uses. If you don't care about dns-based LDAP trees, then other types can be used just fine. Novell's eDirectory is an O based tree. Some caveats:

• DC-style is what AD uses. A lot of 3rd party products that support AD LDAP sources like this style of tree a lot better than O based trees. I've had trouble getting these clients to talk to O-style LDAP trees.
• AD doesn't use O at all, so some LDAP clients/parsers may not support it as a result. The same goes for L (location).
• If you're not DNS-rooting your tree, DC-style is much less important
• Hybrid styles are just fine. Your LDAP root is dc=example,dc=com, and you use an O-style tree under that. DN's could very well be, cn=bobs,ou=users,o=company,dc=example,dc=com

In general, your need to be compatible with 3rd party LDAP client is what should drive your structure. If it needs a dialect, it'll probably need to look as active-directory like as possible. If they're pure LDAP clients, in that they really do support the entire spec, then structure shouldn't matter.

I don't know of any ldap tree-structure standards, but I'm sure others will pipe up if there are any.

From what GOsa² developers said, they are using modified RFC2307 schema that not only uses groupOfUniqueNames as @SergeyVlasov noted is standard in second draft, but also duplicate the regular NIS schema giving full backwards compatibility (as long as one doesn't use other administrative tools for changing group membership or user creation).

I haven't tried it yet, but it looks like one can use this modified schema without problems.