[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6055) Samba4 need 'name' implementation like AD (RDN-Name)

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6055) Samba4 need 'name' implementation like AD (RDN-Name)
From: michael@stroeder.com
Date: Sat, 18 Apr 2009 13:21:51 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Pierangelo Masarati wrote:
> michael@stroeder.com wrote:
>> (I've stumbled across ITS#5704. Isn't that already something like this?)
> 
> not exactly, as sets do not allow a placeholder for the naming
> attribute; maybe something like "this/entryRDN.ava{0}.value" if it
> existed...

But given that slapd already enforces the characteristic attribute (e.g.
'cn' for 'user' on Samba4) to be part of the entry IMHO this is not
needed. Provided the order of the checks are right.

So this would be:

constraint_attribute    name set
   "this/cn"
   restrict="ldap:///dc=example,dc=com??sub?(objectClass=user)"

constraint_attribute    name set
   "this/ou"
restrict="ldap:///dc=example,dc=com??sub?(objectClass=organizationalUnit)"

Since uniqueness of 'cn' or 'ou' for one-level search for the above
cases is already enforced wouldn't this be sufficient?

Maybe I miss something though.

Ciao, Michael.

Prev by Date: Re: (ITS#6055) Samba4 need 'name' implementation like AD (RDN-Name)
Next by Date: (ITS#6070) slapo-rwm(5) be_entry_get() incorrect behavior when no DN rewriting occurs
Index(es):
- Chronological
- Thread