[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf attribute: part of LDAP v3 standard ?


On Tuesday 30 April 2002 10:57, you wrote:
> It seems that, depending on the LDAP server (openldap, Active Directory,
> Netscape, ...), a ldapsearch query can (or not)return the memberOf
> attribute, as part of the list of returned attributes.
> Is this attribute part of LDAP v3 standard or not?

I did not find it in any RFCs that are in the OpenLDAP distribution.
So I think, it is not part of the standard.

It even is not in the schema files that come with OpenLDAP.
So, OpenLDAP does not support it out of the box.

> Do all the LDAP servers should support such computed-on-the-fly attribute?

Why should they if it is not standard? 

Just for the record:
In Novell eDirectory, the attribute is called different and is not calculated 
on-the-fly but maintained by the Novell management tools.
If you only add a member attribute to a group object via LDAP and forget 
about the attribute on the user object side, you only have one side of the 
Novell eDirectory has an internal background process that detects these 
situations and corrects them, but this process runs only in intervals.

If you want to write applications that adhere to the standard, aways use
the member/uniqueMember attributes in the groupOfNames/GroupOfUniqueNames 

Peter Marschall     |   eMail: peter.marschall@mayn.de
Scheffelstraße 15   |          peter.marschall@is-energy.de
97072 Würzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35