Re: Group/membership storage methods and traversal
Ali Safdar Kureishy wrote:
>Hi,
>
>I have a few questions about groups that I haven't been able to find
>in the archives and was hoping someone might have an idea ...
>
>1) Is it legal to specify the dns of other groupOfNames or
>groupOfUniqueNames entries as members of an openLDAP group? (i.e. can
>we have nested groups?)
>
It's perfectly legal in the sense that groupOfName members must be legal
DNs regardless of their meaning (no consistency is checked); however, no
recursion occurs. You don't explain what's the purpose of having nested
groups; for instance, in access control (typical use of groups), the
only way to recurse nested groups that I'm aware of is by using the
"set" <who> option; see http://www.openldap.org/faq/data/cache/1133.html
for details.

>2) Are there any openLDAP-specific APIs in JNDI (for example, Sun has
>a package that supports SUN DS groups etc.) to traverse groups (and
>nested groups, if applicable) to reach the terminal entries without
>explicitly doing the membership extraction in our code?
>
>
I'm not aware of any such API in any programming language/environment;
this by no means indicates that it doesn't exist.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
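
Added example, not part of the original message or of any OpenLDAP or JNDI API: since the server neither recurses into nested groups nor checks that member DNs exist, a client that expands groups itself needs a cycle guard, a depth limit, and handling for dangling DNs. The sketch below assumes an in-memory dict (constructed sample data) in place of real directory lookups; `expand_group`, `norm` and the `example.com` entries are hypothetical names, and the DN normalization is deliberately simplified.

```python
# Constructed sample data: DN -> attributes, standing in for search results.
DIRECTORY = {
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=alice,ou=people,dc=example,dc=com",
                   "cn=ops,ou=groups,dc=example,dc=com"]},
    "cn=ops,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=bob,ou=people,dc=example,dc=com",
                         "CN=Admins, OU=Groups, DC=example, DC=com",  # cycle
                         "uid=ghost,ou=people,dc=example,dc=com"]},   # dangling
    "uid=alice,ou=people,dc=example,dc=com": {"objectClass": ["inetOrgPerson"]},
    "uid=bob,ou=people,dc=example,dc=com": {"objectClass": ["inetOrgPerson"]},
}
# Membership attribute for each group object class named in the thread.
GROUP_ATTRS = {"groupofnames": "member", "groupofuniquenames": "uniqueMember"}

def norm(dn):
    # Simplified DN comparison (assumption): case-fold, trim around commas.
    # Does not handle escaped commas or schema-specific matching rules.
    return ",".join(part.strip().lower() for part in dn.split(","))

def expand_group(directory, group_dn, max_depth=8):
    """Return (terminal member DNs, dangling DNs) for a nested group."""
    index = {norm(dn): entry for dn, entry in directory.items()}
    members, dangling, seen = set(), set(), set()
    stack = [(norm(group_dn), 0)]
    while stack:
        dn, depth = stack.pop()
        if dn in seen:          # already visited: breaks membership cycles
            continue
        seen.add(dn)
        entry = index.get(dn)
        if entry is None:       # the server never checked this DN exists
            dangling.add(dn)
            continue
        attrs = [GROUP_ATTRS[c.lower()] for c in entry["objectClass"]
                 if c.lower() in GROUP_ATTRS]
        if not attrs:           # not a group: a terminal entry
            members.add(dn)
            continue
        if depth >= max_depth:  # fail closed instead of walking deep chains
            raise ValueError("nesting deeper than %d at %s" % (max_depth, dn))
        for attr in attrs:
            stack.extend((norm(m), depth + 1) for m in entry.get(attr, []))
    return members, dangling
```

Dangling DNs are returned separately so they can be reported rather than silently treated as members when the result feeds an authorization decision.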