[Date Prev][Date Next]
Re: Creating empty groupOfUniqueNames..
Would you mind explaining what you mean by "rather useless in the LDAP
context"? I am using groupOfUniqueNames instead of groupOfNames as any group
I want to define will only list each member entry once. Are you simply
saying that I might as well use groupOfNames and don't worry about
----- Original Message -----
From: "Howard Chu" <firstname.lastname@example.org>
Sent: Tuesday, December 14, 2004 1:42 AM
Subject: Re: Creating empty groupOfUniqueNames..
I want to create a set of groups that will be used for authorization
purposes. To me, it seems that a groupOfNames or groupOfUniqueNames will
best serve this purpose. (Better suggestions?) However, both object
classes require at least one member attribute. There will be times though
when a member is not known. How do you handle this?
Right now I create all groups with an invalid member attribute:
Does this break any convention? Is there a better way to handle this?
There's nothing wrong with what you suggest. I would ignore
groupOfUniqueNames, it's rather useless in the LDAP context. Note that it
is legal for distinguishedName syntax to have a zero-length value. I would
just use groupOfNames with a zero-length member, which is fundamentally
the same idea as your using an invalid DN.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support