On Sep 25, 2007, at 4:01 AM, Howard Chu wrote:
Similar functionality is already present in Sun Directory Server 6, although the operational attribute is called isMemberOf (because the Sun messaging product using the memberOf attribute with a different semantic :-( ). Samba AD schema ( 1.2.840.113556.1.2.102 Sun Delegated Admin ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) Note that the memberOf attribute is not defined as Operational and is specifically listed as allowed in a number of objectclasses. Sun isMemberOf ( 1.3.6.1.4.1.42.2.27.9.1.792 NAME 'isMemberOf' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation ) IBM defined its own attribute for the same purpose, and has the same semantic as Sun's isMemberOf (at least for Static Groups): attributetypes=( 1.3.18.0.2.4.2244 NAME 'ibm-allGroups' DESC 'All groups to which an entry belongs. An entry may be a member directly via member, uniqueMember or memberURL attributes, or indirectly via ibm-memberGroup attributes. Read-only operational attribute (not allowed in filter).' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation ) IBMAttributetypes=( 1.3.18.0.2.4.2244 DBNAME( 'allGroups' 'allGroups' ) ACCESS-CLASS normal LENGTH 1000 ) So, yes, it would be really nice to see some harmonization in that space. Ludovic.
Ludovic Poitou Sun Microsystems Inc. Software Architect Directory Services Sun Microsystems requires the following notice: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
_______________________________________________ Ldapext mailing list Ldapext@ietf.org https://www1.ietf.org/mailman/listinfo/ldapext