原文链接

  • groupofnames stores its members in the member attribute (using DN as the value)
  • groupofuniquenames stores its members in the uniquemember attribute (again using DN as value).
  • The uniquemember attribute however is designed to be able to hold an extra unique identifier to tell the difference between two DN’s who have the same value in a group. The reason why this might happen is that a user is deleted from the directory, but not from all of the groups. Later a new entry is added with the same DN, but it is a different person. This person needs access to the group, but you need a way to differentiate between this recent addition and the earlier DN (if you have several thousand members, simply deleting the earlier DN may not be a reasonable option).
文章目录