Re: memberOf attribute

Hallvard B Furuseth wrote:
> ando@OpenLDAP.org writes:
>> 	memberof.c  NONE -> 1.1
> Your 'memberOf' attribute definition says
> 	{ "( 1.2.840.113556.1.2.102 " (...)
> 		"EQUALITY distinguishedNameMatch "	/* added */
> 		"USAGE directoryOperation "		/* questioned */
> 		"X-ORIGIN 'iPlanet Delegated Administrator' )",
> Why iPlanet?  1.2.840.113556 is Microsoft.

I've found that string on the 'net.

> What happens if some of Microsoft's schema has already been imported?

Right now it complains and bails out.  This needs to be "refined", of
course.  OTOH that attribute, with the above definition, cannot be
loaded from file, so it has to be defined internally somehow (dsaschema?).

> I
> didn't find it at Microsoft's site, but I found an old one (which I have
> not tested) at
> http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/schema/Attic/microsoft.schema

That's pretty unusable, since it starts by redefining objectClass "top"
according to AD's requirements, so I wouldn't worry about it.  That's
probably the weakest part of my work.  The "right" solution, if no one
has a better idea, is to define our own "is member of" attribute.  I
think Kurt, at some point while discussing this topic ages ago, came out
with an alternative definition, but I couldn't find that message (if I
remember it right at all).


