[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Q: empty groups (groupOfNames, member)

To: <openldap-technical@openldap.org>
Subject: Re: Q: empty groups (groupOfNames, member)
From: "Michael StrÃder" <michael@stroeder.com>
Date: Fri, 06 Dec 2013 11:40:05 +0100
In-reply-to: <52A19DB9020000A1000136C1@gwsmtp1.uni-regensburg.de>
References: <52A19DB9020000A1000136C1@gwsmtp1.uni-regensburg.de>

On Fri, 06 Dec 2013 09:49:45 +0100 "Ulrich Windl"
<Ulrich.Windl@rz.uni-regensburg.de> wrote
> I had a problem with "empty groups": object class groupOfNames has a MUST
> member attribute, so you cannot create an empty group. I consider this to be
> a bug in the object class definition, specifically as groupOfNames is
> structural, and not auxillary. So in SLES empty (POSIX) groups are created
> with a namedObject structural class. 

You are not alone. You could try to restart the discussion on ietf-ldapext
mailing list about

http://tools.ietf.org/html/draft-findlay-ldap-groupofentries

See Andrew's discussion start postings:

http://www.ietf.org/mail-archive/web/ldapext/current/msg01141.html

http://www.ietf.org/mail-archive/web/ldapext/current/msg01256.html

> 1) is there a technical reason against empty groups? I'd consider them as
> valid as empty arrays. 

Let's go to ietf-ldapext mailing list for this discussion.

> 2) Is it an LDAP requirement to forbid structural changes in object classes,

Yes. LDAPv3 prohibits to change the structural object class of an entry. I
suspect this comes from restrictions due to checking DIT structure rules.

Ciao, Michael.

References:
- Q: empty groups (groupOfNames, member)
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Antw: RE: OPENLDAP HANGS DAILY
Next by Date: Re: Q: empty groups (groupOfNames, member)
Index(es):
- Chronological
- Thread