
Re: Please tell me I have something configured wrong...

I guess this shouldn't surprise me too much, but I did some additional testing with this DN thing. I added a valid inetOrgPerson as a "member" of my group and I deleted the inetOrgPerson. OpenLDAP did not clean the now invalid DN from the "member" attribute of my group. Am I missing something here?

The LDAP directories that I have been using are Novell's and Micro$oft's. I know these are not 100% pure LDAP directories, but they are much more functional in this regard. Are there any plans to fix this in OpenLDAP? Does anyone consider this a bug other than me?

BTW, Ingo, the tool I have been using to modify/add entries is ldapmodify/ldapadd and it does nothing to ensure consistency. If the tool (instead of the directory) is supposed to do the job, shouldn't ldapadd/ldapmodify enforce this?

Still searching for answers...

>>> Ingo Schaefer <ingo@ingo-schaefer.de> 08/15/02 03:40PM >>>
Hello, on Thursday, 15 August 2002 at 16:19, Tony Thompson wrote:
> I have a groupOfNames object and I am adding members to the group. 
> I noticed that I can add any DN to the "member" attribute, even if the
> DN doesn't exist.  For example, I added "cn=fred,dc=example,dc=com"
> as a "member" of my group.  My suffix is not "dc=example,dc=com"
> and I don't have an object named "fred" anywhere in my database.  I
> tested adding a string like "nothing" and it failed because it
> didn't follow the syntax rules.  I could however add "cn=nothing"
> and it worked.
> Is there a way to make OpenLDAP verify that the DN that is being
> added is valid and fail the operation if it is not?

If it did so, it would be an RDBMS.
The app, which is used for manipulating LDAP entries, should ensure
the consistency.

Just my opinion, unverified.
Ingo Schaefer
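
The consistency check discussed in this thread, as an added example that is not part of the original messages: a Python script that scans an LDIF export for "member" values naming DNs that do not exist as entries. The sample LDIF, the dc=corp,dc=test suffix and the function names are constructed for illustration, and DN matching is simplified (case-insensitive, no escaped commas).

```python
import base64

# Constructed sample LDIF export; not data from the thread's directory.
SAMPLE_LDIF = """\
dn: dc=corp,dc=test
objectClass: domain
dc: corp

dn: cn=alice,ou=people,dc=corp,dc=test
objectClass: inetOrgPerson
cn: alice
sn: A

dn: cn=staff,ou=groups,dc=corp,dc=test
objectClass: groupOfNames
cn: staff
member: CN=Alice, OU=People, DC=corp, DC=test
member: cn=fred,dc=example,dc=com
member:: Y249bm90aGluZw==
"""

def norm_dn(dn):
    # Simplified DN matching (assumption): lower-case, trim space around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; handles folded and base64 lines."""
    unfolded = text.replace("\n ", "")  # LDIF continuation lines start with a space
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def dangling_members(text):
    """Return (group DN, member DN) pairs whose member DN is not an entry."""
    entries = list(parse_ldif(text))
    known = {norm_dn(e["dn"][0]) for e in entries}
    return [(e["dn"][0], m) for e in entries
            for m in e.get("member", []) if norm_dn(m) not in known]

if __name__ == "__main__":
    for group, member in dangling_members(SAMPLE_LDIF):
        print(f"{group}: dangling member {member}")
```
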