
Re: memberOf attribute



Hallvard B Furuseth wrote:
> ando@OpenLDAP.org writes:
>> 	memberof.c  NONE -> 1.1
> 
> Your 'memberOf' attribute definition says
> 	{ "( 1.2.840.113556.1.2.102 " (...)
> 		"EQUALITY distinguishedNameMatch "	/* added */
> 		"USAGE directoryOperation "		/* questioned */
> 		/* "NO-USER-MODIFICATION " */
> 		"X-ORIGIN 'iPlanet Delegated Administrator' )",
> Why iPlanet?  1.2.840.113556 is Microsoft.

I've found that string on the 'net.

> What happens if some of Microsoft's schema has already been imported?

Right now it complains and bails out.  This needs to be "refined", of
course.  OTOH that attribute, with the above definition, cannot be
loaded from file, so it has to be defined internally somehow (dsaschema?).

> I
> didn't find it at microsoft's site, but I found an old one (which I have
> not tested) at
> http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/schema/Attic/microsoft.schema

That's pretty unusable, since it starts by redefining objectClass "top"
according to AD's requirements, so I wouldn't worry about it.  That's
probably the weakest part of my work.  The "right" solution, if no one
has a better idea, is to define our own "is member of" attribute.  I
think Kurt, at some point while discussing this topic ages ago, came out
with an alternative definition, but I couldn't find that message (if I
remember it right at all).

p.




Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------