At the recent LDAP conference in Cologne there was wide support for an
effort to improve some of the commonly-used schema definitions. In
particular, the fact that groupOfNames does not permit an empty group
was felt to be a significant problem.
To address this problem, I have published an I-D proposing a new
objectclass called groupOfEntries. The I-D is appended and is also
available at:
http://www.ietf.org/internet-drafts/draft-findlay-ldap-groupofentries-00.txt
To make adoption as easy as possible, the new object class is
identical to groupOfNames except that it has the ability to
describe empty groups without resorting to tricks and workarounds.
I would like to see this new class used in place of groupOfNames in
new designs, so I propose to ask IETF to consider the draft for the
Standards Track.
Comments and suggestions for improvement are welcome, and should be
sent to the ldapext@ietf.org mailing list.
Andrew