
Re: [ldapext] Fwd: Manual Post Requested for draft-howard-rfc2307bis



On Sunday 09 August 2009 23:41:42, Howard Chu wrote:
> I guess this will show up in a couple of days.
> 
> Major differences from version 01 of the rfc2307bis document:
> 
> 1) Added host and hostos attribute options to allow system-specific values
>  for attributes when needed. (E.g. to accommodate different homeDirectory
>  locations on various machines.)
> 
> 2) Added integerOrderingMatch ORDERING rules to attributes with integer
> syntax. Admins frequently need to search for things like (uidNumber>=1000)
>  and the lack of the ORDERING rules was a great impediment.
> 
> 3) Added new groupOfMembers structural objectclass with "member" as an
> optional attribute, to support groups with zero members. This class should
>  be used whenever a structural group class is needed. The use of
> groupOfUniqueNames (and groupOfNames) is deprecated.

I wonder if it might be better to leave details about which structural
objectclass should be used for groups out of this document. For implementors
it should be enough to know that "member" is used for group members and
"posixGroup" is the auxiliary objectclass to look for.
The definition of groupOfMembers might then better be handled in a separate
document, as I think it is useful for other purposes than described here as
well.
Additionally I wonder if the "memberUid" Attribute should be removed 
completely or at least be documented as being deprecated.
   
> 4) Added references to PAM and LDAP Password Policy. The use of LDAP
> information for authentication via NSS mechanisms is deprecated. The use of
> shadowAccount information for password policy is deprecated.
> 
> 5) Added Naming Considerations section with caveats re: user and group
>  naming.

-- 
Ralf
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext