Classic RFC 2307 zones (3.x, 4.x)

The classic RFC 2307-compatible zone is similar to the classic Centrify zone, except that the data in the serviceConnectionPoint objects is associated with Active Directory user and group objects stored in RFC 2307-compliant attributes. For RFC 2307-compatible zones, Centrify makes use of a Windows Server feature, called Dynamic Auxiliary Classes, to dynamically bind posixAccount or posixGroup instances to the serviceConnectionPoint objects.

Binding the posixAccount or posixGroup to the user or group serviceConnectionPoint results in an Active Directory object with:

  • Two object classes: the serviceConnectionPoint objectClass and the posixAccount or posixGroup objectClass.
  • Two sets of attributes: those contributed by the serviceConnectionPoint object and those contributed by posixAccount or posixGroup object.

The structure of the zone and its sub-containers is the same as the classic Centrify zone layout, with each zone stored as a separate tree in the directory and sub-containers for the Users, Groups, and Computers in each zone, but you can use attributes from the posixAccount or posixGroup objectClass to store data in the RFC 2307-compliant format. Storing the data in RFC 2307‑compliant attributes enables the information to be used by applications that conform to the RFC 2307 standard.