[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP memberof plugin and Samba4

Andrew Bartlett wrote:
When I add invalid member to a group, OpenLDAP returns
LDAP_CONSTRAINT_VIOLATION <adding non-existing object as group member>,
but AD returns error 32, LDAP_NO_SUCH_OBJECT for this situation.

Hmm, this is a result of a modify operation for which an additional constraint is enforced. So I think the error code returned by OpenLDAP is correct. Because the entry to be modified really exists it would be wrong to return LDAP_NO_SUCH_OBJECT.

Would it be reasonable to change this, or could it be made

I'd even recommend not to enable this by configuration.

(it might be nobody ever looks at
this, but I don't like to make that assumption).

I'm nitpicking here because my web2ldap has a special exception handler for dealing with LDAP_NO_SUCH_OBJECT (automagically lookup SRV RR for dc-style DNs etc).

Ciao, Michael.