[Date Prev][Date Next]
Re: memberOf attribute: part of LDAP v3 standard ?
- To: "Yves Robin" <email@example.com>
- Subject: Re: memberOf attribute: part of LDAP v3 standard ?
- From: Peter Marschall <firstname.lastname@example.org>
- Date: Wed, 1 May 2002 09:01:47 +0200
- Cc: "Mailing list OpenLdap" <openldap-software@OpenLDAP.org>
- In-reply-to: <FEELKOJLNJOFOIMCNLHOAEDMCNAA.email@example.com>
- Organization: MPN
- References: <FEELKOJLNJOFOIMCNLHOAEDMCNAA.firstname.lastname@example.org>
On Tuesday 30 April 2002 10:57, you wrote:
> It seems that, depending on the LDAP server (openldap, Active Directory,
> Netscape, ...), a ldapsearch query can (or not)return the memberOf
> attribute, as part of the list of returned attributes.
> Is this attribute part of LDAP v3 standard or not?
I did not find it in any RFCs that are in the OpenLDAP distribution.
So I think, it is not part of the standard.
It even is not in the schema files that come with OpenLDAP.
So, OpenLDAP does not support it out of the box.
> Do all the LDAP servers should support such computed-on-the-fly attribute?
Why should they if it is not standard?
Just for the record:
In Novell eDirectory, the attribute is called different and is not calculated
on-the-fly but maintained by the Novell management tools.
If you only add a member attribute to a group object via LDAP and forget
about the attribute on the user object side, you only have one side of the
Novell eDirectory has an internal background process that detects these
situations and corrects them, but this process runs only in intervals.
If you want to write applications that adhere to the standard, aways use
the member/uniqueMember attributes in the groupOfNames/GroupOfUniqueNames
Peter Marschall | eMail: email@example.com
Scheffelstraße 15 | firstname.lastname@example.org
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35