[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] Nested group
Liben, Michael (GTI) wrote:
This anticipates a reliable mechanism that ensures direct members are not
added to the nestedGroups attribute and that nested groups are not
inadvertently added to the member attribute. How would the server respond if
an object is included in both attributes?
Actually that's not a requirement. A group can legitimately be a user in LDAP.
It may be perfectly valid for a group object to appear in both the member and
nestedGroup attribute. It would be meaningless for a non-group object to
appear in the nestedGroup attribute. Whether that should be rejected or
silently ignored is an open question, but pretty trivial either way.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext