[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: structural objectclass checking

To: Markus.Storm@t-systems.com, openldap-technical@openldap.org
Subject: Re: structural objectclass checking
From: Howard Chu <hyc@symas.com>
Date: Sat, 11 Jan 2020 05:06:18 +0000
Dkim-filter: OpenDKIM Filter v2.10.3 zmcc-2-mta-1.zmailcloud.com 9A0BDCF5FE
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symas.com; s=37C7994C-28CA-11EA-A30F-68F90BB9D764; t=1578719181; bh=d9t/taeBEPFhjQLfuJ4FDKsRso7aOJmR9VU5bkYC9Bc=; h=To:From:Message-ID:Date:MIME-Version; b=bTD6thWlqW6JPQcnasQ9z5X+cRl/R7EegDa3iXuG5E0w07Qubpptcdi2oj0gWiV6/ S762odNnJEk8m2bSQ7MlT+nAbBULCq2PnByTXlegCeW54DKSce7wibAr12QuXqRAyP vxJF0Mnr8NjeX/4imC1UR5ujDkDcjDnujDHFKRw16sV6+iZx56kC0CVbofqoaTk8HA PXyHL7/8oAv70Mp/E4w+RxUSHUff6/9+WKGLsO81varNTrsIHj30X8or5hEnroS5HF 7MRWPAyaZrQPIIZ0mTCRXZTnDnIvUyMRnnfDb2Y1hBt0cUiOZYAsllh778bJquwa9n JB0oF3J5WYI7g==
In-reply-to: <FRAPR01MB0193C19A9FF50E04D16DA1E3D0390@FRAPR01MB0193.DEUPRD01.PROD.OUTLOOK.DE>
References: <LEJPR01MB017032248F597DFB218E2B94D03E0@LEJPR01MB0170.DEUPRD01.PROD.OUTLOOK.DE> <13EAABA2D0CBE9297CA74B75@[192.168.1.144]> <9e3dae6b-cd82-f308-1632-e3ac0de07ba9@stroeder.com> <FRAPR01MB0193C19A9FF50E04D16DA1E3D0390@FRAPR01MB0193.DEUPRD01.PROD.OUTLOOK.DE>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53

Markus.Storm@t-systems.com wrote:
> Thanks Michael for that idea. But that would mean to assign that new group to every entry that has 2 structural objectclasses today, wouldn't it?

New objectclass, not new group.

> So it would require me to change the upstream data e.g. replace posixGroup by aeGroup and remove groupOfURLs

No need to remove groupOfURLs.

> (to stick with your example) and the application as there's applications to search for e.g.
> &(objectclass=posixGroup)(objectclass=groupOfURLs).

No need to change applications, since the new objectclass would satisfy both of those filters.

> And I would need to fix future entries on the fly (rwm module in replication??)
> 
> Guess that won't work out, possibly still easier to work around this in the source code.
> Any opinions on that from people to know the source better than I do ?
> 
> Best regards
> Markus
> 
>> -----Original Message-----
>> From: Michael Ströder <michael@stroeder.com>
>> Sent: Thursday, January 9, 2020 9:56 AM
>> To: Storm, Markus <Markus.Storm@t-systems.com>; openldap-
>> technical@openldap.org
>> Subject: Re: structural objectclass checking
>>
>> On 1/8/20 7:07 PM, Quanah Gibson-Mount wrote:
>>> --On Wednesday, January 8, 2020 3:25 PM +0000
>>> Markus.Storm@t-systems.com
>>> wrote:
>>>
>>>> is there a way to disable OpenLDAP checking entries for existence of
>>>> STRUCTURAL objectclasses?
>>>
>>> No.  This is a hard requirement.  The best option would be to fix the
>>> bad data in your upstream system.
>>
>> One possibility to fix this:
>> Define a new STRUCTURAL object class derived from different other
>> STRUCTURAL object classes.
>>
>> E.g. in Æ-DIR I'm using this to provide hybrid posixGroup entries serving RFC
>> 2307 and RFC 2307bis groups:
>>
>> ( 1.3.6.1.4.1.5427.1.389.100.6.1
>>   NAME 'aeGroup'
>>   DESC 'AE-DIR: Group entry'
>>   SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
>>   STRUCTURAL
>>   MUST description
>>   MAY ( aeMemberZone $ aeDept $ aeLocation ) )
>>
>> This works because unlike other LDAP directory servers OpenLDAP supports
>> multiple class inheritance.
>>
>> Ciao, Michael.


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- structural objectclass checking
  - From: <Markus.Storm@t-systems.com>
- Re: structural objectclass checking
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: structural objectclass checking
  - From: Michael Ströder <michael@stroeder.com>
- RE: structural objectclass checking
  - From: <Markus.Storm@t-systems.com>

Prev by Date: Re: Replication account problem
Next by Date: Re: structural objectclass checking
Index(es):
- Chronological
- Thread