[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Please tell me I have something configured wrong...

At 07:19 AM 2002-08-15, Tony Thompson wrote:
>I have a groupOfNames object and I am adding members to the group.  I noticed that I can any DN to the "member" attribute, even if the DN doesn't exist.  For example, I added "cn=fred,dc=example,dc=com" as a "member" of my group.  My suffix is not "dc=example,dc=com" and I don't have an object named "fred" anywhere in my database.  I tested adding a string linke "nothing" and it failed because it didn't follow the syntax rules.  I could however add "cn=nothing" and it worked.
>Is there a way to make OpenLDAP verify that the DN that is being added is valid and fail the operation if it is not?

No.  The LDAP technical specification prohibit the server from
checking whether a DN provided as a value of a user application
attribute refers to an existing entry or not.