Re: [ldapext] Dynamic group draft



Pierangelo Masarati writes:
>Hallvard B Furuseth wrote:
>> The Compare and Search operations match subtypes.  If subtypes of
>> "member" and "uniqueMember" are not considered for static members,
>> then Compare(base DN, "member", candidate DN) and Search with
>> filter "(member=candidate DN)" are incorrect membership checks.
>
> Sorry, I'm not following you on this ground - but I must be missing
> something obvious.

The draft says in various places one can use the Search and Compare
operations to check for membership.

However, the draft's sections 4.3 and 4.4 (last sentence of each) say
that subclasses (should be subtypes) do not denote members.

Example:

Schema:
  attributetype ( <oid> NAME 'foo' SUP member )
  ...

Entry:
  dn: cn=Some Group
  foo: uid=Someone
  ...

LDAP Compare(base "cn=Some Group", attr "member", val "uid=Someone")
returns compareTrue.  Search filter "(foo=uid=Someone)" matches.

-- 
Regards,
Hallvard

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
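
The mismatch raised in the message above, as an added example that is not part of the original post or of the draft: a simplified in-memory model of subtype matching, using the message's schema and entry. It talks to no LDAP server or library; the function names and the case-insensitive value match are assumptions made for illustration.

```python
# Simplified model of LDAP attribute subtyping (constructed data, not a real directory).
# Schema from the message: 'foo' is a subtype of 'member' (SUP member).
SUPERIOR = {"foo": "member", "member": None, "uniquemember": None, "cn": None}

# Entry from the message; attribute names are stored lowercased.
ENTRY = {"dn": "cn=Some Group", "attrs": {"cn": ["Some Group"], "foo": ["uid=Someone"]}}


def is_same_or_subtype(attr, target):
    """True if attr is target or descends from it through SUP links."""
    attr, target = attr.lower(), target.lower()
    while attr is not None:
        if attr == target:
            return True
        attr = SUPERIOR.get(attr)
    return False


def norm(value):
    # Assumption: case-insensitive, whitespace-trimmed match stands in for DN matching.
    return value.strip().lower()


def compare(entry, attr, value):
    """Compare as the message describes it: values of subtypes of attr count."""
    return any(
        norm(value) == norm(v)
        for name, values in entry["attrs"].items()
        if is_same_or_subtype(name, attr)
        for v in values
    )


def listed_static_members(entry):
    """Members read only from 'member'/'uniqueMember' themselves, subtypes excluded."""
    out = []
    for name in ("member", "uniquemember"):
        out.extend(entry["attrs"].get(name, []))
    return out


def membership_mismatches(entry, candidates):
    """Candidates that Compare accepts but the subtype-excluding member list omits."""
    listed = {norm(v) for v in listed_static_members(entry)}
    return [c for c in candidates if compare(entry, "member", c) and norm(c) not in listed]


if __name__ == "__main__":
    print(membership_mismatches(ENTRY, ["uid=Someone", "uid=Other"]))
```

Any candidate returned by `membership_mismatches` is one that an access-control check based on Compare would accept while a member listing that ignores subtypes would not show it.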