AW: "add user to group" validation

["Gemeiner, Jan" <Jan.Gemeiner@dresdner-bank.com>]

Hello,

perhaps it would be a possibility to use constraints and referencial
integrity in the underlaying database.
I want to try such an effort with the sql backend.
Has anyone tried or is running such a database.

Greetings

Jan

-----Ursprüngliche Nachricht-----
Von: Pierangelo Masarati [mailto:ando@sys-net.it]
Gesendet: Samstag, 17. April 2004 09:30
An: Héctor Miranda
Cc: 'openldap-software@openldap.org'
Betreff: Re: "add user to group" validation


Héctor Miranda wrote:

>Hi all, just a question.
>
>Is it possible in LDAP (OpenLDAP) that the directory (the schema itself or
>by any other mean) validates the existence of a user when someone is trying
>to add it into a group?? Thereby, disallowing this "add to group" if such
>user doesn't exists.
>  
>
Applications should take care of that; as an alternative, you could 
write an overlay,
or a slaapi module that does that for you.  A careful implementation 
would not only
look at group membership modifications, but also at entry 
deletion/renaming, to
keep the group memberships in sync with the status of the entries 
managed by the DSA.
Note that, in a distributed environment, members do not need to be 
physically stored
on the same DSA, and, in general, for one server, group members do not 
need to be
in the same database, so such a general tool would be a nightmare.  In 
this sense, it
is your application, or your specific module/overlay, that should take 
care of your
specific needs.

p.





    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497