[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Nested group

To: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Subject: Re: [ldapext] Nested group
From: Steven Legg <steven.legg@eb2bcom.com>
Date: Thu, 20 Sep 2007 13:06:44 +1000
Cc: ldapext@ietf.org
In-reply-to: <20070919104644.GE12296@tile.skills-1st.co.uk>
References: <46F0ED1E.10004@stroeder.com> <20070917143336.GA7266@tile.skills-1st.co.uk> <46EF07BD.1010801@padl.com> <20070918110511.GF23300@tile.skills-1st.co.uk> <46F060CD.20008@eb2bcom.com> <46F063BE.5020900@padl.com> <20070917143336.GA7266@tile.skills-1st.co.uk> <46EF07BD.1010801@padl.com> <20070918110511.GF23300@tile.skills-1st.co.uk> <46F060CD.20008@eb2bcom.com> <20070919104644.GE12296@tile.skills-1st.co.uk>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)


Andrew,

Andrew Findlay wrote:

It looks as if the nested groups issue needs tackling. Should I expand
this I-D to include it?


I think that would be a good idea.

> The consensus seems to be:


1)	groupOfEntries member attributes should not point to groups
	whose members are to be considered part of the group being
	described.
	
	I see no problem with allowing them to point to groups if
	expansion/nesting/inclusion is not required.


It is okay to restrict the interpretation of the member attribute
as an attribute of the groupOfEntries object class, but if we
consider a group as being any entry of an object class that
permits a member attribute (and/or the nestedGroup attribute),
then restricting the interpretation of the member attribute in the
more general context will conflict with some current deployments.
If we are going to allow a variety of object classes to define groups,
then we should define a new attribute, e.g., called directMember, to
replace the member attribute.

Regards,
Steven

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- Re: [ldapext] Nested group
  - From: Michael Ströder <michael@stroeder.com>

References:
- [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: Michael Ströder <michael@stroeder.com>
- [ldapext] groupOfEntries object class proposal
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Luke Howard <lukeh@padl.com>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Steven Legg <steven.legg@eb2bcom.com>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Luke Howard <lukeh@padl.com>
- [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: Re: [ldapext] Nested group
Next by Date: Re: [ldapext] Nested group
Index(es):
- Chronological
- Thread