[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP memberof plugin and Samba4

To: Andrew Bartlett <abartlet@samba.org>
Subject: Re: OpenLDAP memberof plugin and Samba4
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 27 Dec 2007 13:31:59 +0100
Cc: rhafer@suse.de, openldap-devel@openldap.org
In-reply-to: <1198730947.3424.15.camel@localhost.localdomain>
References: <1198730947.3424.15.camel@localhost.localdomain>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071128 SeaMonkey/1.1.7

Andrew Bartlett wrote:

When I add invalid member to a group, OpenLDAP returns
LDAP_CONSTRAINT_VIOLATION <adding non-existing object as group member>,
but AD returns error 32, LDAP_NO_SUCH_OBJECT for this situation.

Hmm, this is a result of a modify operation for which an additional constraint is enforced. So I think the error code returned by OpenLDAP is correct. Because the entry to be modified really exists it would be wrong to return LDAP_NO_SUCH_OBJECT.

Would it be reasonable to change this, or could it be made
configurable.


I'd even recommend not to enable this by configuration.

(it might be nobody ever looks at this, but I don't like to make that assumption).

I'm nitpicking here because my web2ldap has a special exception handler for dealing with LDAP_NO_SUCH_OBJECT (automagically lookup SRV RR for dc-style DNs etc).

Ciao, Michael.

References:
- OpenLDAP memberof plugin and Samba4
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: Re: OpenLDAP memberof plugin and Samba4
Next by Date: Re: OpenLDAP memberof plugin and Samba4
Index(es):
- Chronological
- Thread