[Date Prev][Date Next]
Re: Please tell me I have something configured wrong...
In my opinion, since OpenLDAP allows this, it is essentially allowing the DB to become corrupted (i.e. references to non-existent entries). If the DS does not do some kind of verification (other than make sure it is formatted correctly) on a DN attribute, why not just make it a Directory String?
>>> Ingo Schaefer <firstname.lastname@example.org> 08/15/02 03:40PM >>>
Hallo, am Donnerstag, 15. August 2002 16:19 schrieb Tony Thompson:
> I have a groupOfNames object and I am adding members to the group.
> I noticed that I can any DN to the "member" attribute, even if the
> DN doesn't exist. For example, I added "cn=fred,dc=example,dc=com"
> as a "member" of my group. My suffix is not "dc=example,dc=com"
> and I don't have an object named "fred" anywhere in my database. I
> tested adding a string linke "nothing" and it failed because it
> didn't follow the syntax rules. I could however add "cn=nothing"
> and it worked.
> Is there a way to make OpenLDAP verify that the DN that is being
> added is valid and fail the operation if it is not?
If it would do so, it will be a RDBMS.
the App, which is used for manipulating LDAP-Entries, should ensure
Just my opinion, unverified.