[Date Prev][Date Next] [Chronological] [Thread] [Top]

set-based constraints on multi-valued attrs


I have a hybrid groupOfEntries/posixGroup object class, let's call it
'aeGroup'. It's supposed to serve the same group membership information to
RFC2307 and RFC2307bis NSS clients.

I want to keep attributes group membership attriutes consistent by using the
following constraint:

# restrict memberUID to be consistent with group membership defined in member
constraint_attribute memberUID,member
  set "this/memberUID & this/member/uid"

This does not work as expected. I suspect that the constraint is not applied
to each value separately. Rather the constraint is true when any of the values
fulfill the constraint rules.

Similar constraints cross-referencing values work pretty well for attributes
only containing a single value.

Any clue?

(Yes, I'm already taking care of this in the admin UI web2ldap, but still I
want to prevent inconsistent values for any writing LDAP client.)

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature