[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Letting Users Create Groups

Am 18.03.2011 17:36, schrieb Tim Gustafson:
>  by set="this/manager & user" write

I'd use a 'dnattr' rule here instead of a set. Sets can have a severe
impact on performance, since they are not cached.

> If I take out the "filter" line, it works fine, but with the "filter" line there it doesn't work, regardless of what gidNumber I provide.

Yeah, I just tested myself. The problem isn't the filter in itself, but
the greater-than and less-than operators. gidNumber doesn't have an
ORDERING rule, so the filter will always return false. Since gidNumber
is a builtin attribute, it can't be changed that easily, but I think
recently saw an ITS that requested adding 'ORDERING
integerOrderingMatch' to uidNumber and gidNumber. You'd have to wait for
the next OpenLDAP version.

Christian Manal