Re: Limiting Search Results By Group Membership
- To: Douglas Duckworth <dod2014@med.cornell.edu>
- Subject: Re: Limiting Search Results By Group Membership
- From: Quanah Gibson-Mount <quanah@symas.com>
- Date: Fri, 21 Jul 2017 09:23:06 -0700
- Cc: openldap-technical@openldap.org
--On Friday, July 21, 2017 10:53 AM -0400 Douglas Duckworth <dod2014@med.cornell.edu> wrote:

> limits
> group/posixGroup/memberUid="cn=admins,ou=group,dc=server,dc=domain"
> size=unlimited time=unlimited
>
> Though I am still hitting the limit.

Hi Douglas,

It would probably be worthwhile to dig into LDAP schema to understand
attribute definitions, matching rules, etc.

To start, memberUid is a string type. It's not a DN type:

    attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
        EQUALITY caseExactIA5Match
        SUBSTR caseExactIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

As opposed to member, which is specifically a DN type:

    attributetype: ( 2.5.4.31 NAME 'member'
        DESC 'RFC2256: member of a group'
        SUP distinguishedName )

    attributetype: ( 2.5.4.49 NAME 'distinguishedName'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

Regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
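
The distinction the message draws between memberUid and member, as an added example that is not part of the original post: a small Python parser reads the quoted attributetype definitions, follows SUP inheritance to each attribute's effective SYNTAX, and reports whether its values are DNs. The function names are illustrative, not from OpenLDAP.

```python
import re

# Attribute type definitions as quoted in the message above.
SCHEMA = """
( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName )
( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
"""
DN_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.12"  # Distinguished Name syntax
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")  # quoted string, paren, or bare word

def parse_schema(text):
    """Map lower-cased attribute name -> {'names', 'sup', 'syntax'}."""
    attrs, depth, cur, kw = {}, 0, None, None
    for tok in TOKEN.findall(text):
        if tok == "(":
            depth += 1
            if depth == 1:  # a new definition starts
                cur, kw = {"names": [], "sup": None, "syntax": None}, None
        elif tok == ")":
            depth -= 1
            if depth == 0:  # definition complete: index it under every name
                attrs.update((n, cur) for n in cur["names"])
        elif depth == 0:
            continue  # text outside a definition, e.g. the word "attributetype"
        elif tok in ("NAME", "SUP", "SYNTAX"):
            kw = tok
        elif kw == "NAME" and tok.startswith("'"):
            cur["names"].append(tok.strip("'").lower())
        elif kw in ("SUP", "SYNTAX"):  # single argument; drop any {length} bound
            cur[kw.lower()], kw = tok.split("{")[0].lower(), None
        else:
            kw = None  # any other keyword or argument ends the current one
    return attrs

def effective_syntax(name, attrs, seen=()):
    """Follow SUP links until a SYNTAX is found; None if unresolved or cyclic."""
    key = (name or "").lower()
    if key not in attrs or key in seen:
        return None
    return attrs[key]["syntax"] or effective_syntax(attrs[key]["sup"], attrs, seen + (key,))

def holds_dns(name, attrs):
    return effective_syntax(name, attrs) == DN_SYNTAX

ATTRS = parse_schema(SCHEMA)
print({a: holds_dns(a, ATTRS) for a in ("member", "memberUid")})
```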