
Re: OpenLDAP memberof plugin and Samba4



Andrew Bartlett wrote:
> When I add invalid member to a group, OpenLDAP returns
> LDAP_CONSTRAINT_VIOLATION <adding non-existing object as group member>,
> but AD returns error 32, LDAP_NO_SUCH_OBJECT for this situation.

Hmm, this is a result of a modify operation for which an additional constraint is enforced. So I think the error code returned by OpenLDAP is correct. Because the entry to be modified really exists it would be wrong to return LDAP_NO_SUCH_OBJECT.

> Would it be reasonable to change this, or could it be made
> configurable.

I'd even recommend not to enable this by configuration.

> (it might be nobody ever looks at
> this, but I don't like to make that assumption).

I'm nitpicking here because my web2ldap has a special exception handler for dealing with LDAP_NO_SUCH_OBJECT (automagically look up SRV RR for dc-style DNs etc.).


Ciao, Michael.