Re: Please tell me I have something configured wrong...

["Tony Thompson" <tony.thompson@stone-ware.com>]

I guess this shouldn't surprise me too much but, I did some additional testing with this DN thing.  I added a valid inetOrgPerson as a "member" of my group and I deleted the inetOrgPerson.  OpenLDAP did not clean the now invalid DN from the "member" attribute of my group.  Am I missing something here?

The LDAP directories that I have been using are Novell's and Micro$oft's.  I know these are not 100% pure LDAP directories but, they are much more functional in this regard.  Are there any plans to fix this in OpenLDAP?  Does anyone consider this a bug other than me? 

BTW, Ingo, the tool I have been using to modify/add entires is ldapmodify/ldapadd and it does nothing to ensure consistency.  If the tool (instead of the directory) is supposed to do the job, shouldn't ldapadd/ldapmodify enforce this?

Still searching for answers...

>>> Ingo Schaefer <ingo@ingo-schaefer.de> 08/15/02 03:40PM >>>
Hallo, am Donnerstag, 15. August 2002 16:19 schrieb Tony Thompson:
> I have a groupOfNames object and I am adding members to the group. 
> I noticed that I can any DN to the "member" attribute, even if the
> DN doesn't exist.  For example, I added "cn=fred,dc=example,dc=com"
> as a "member" of my group.  My suffix is not "dc=example,dc=com"
> and I don't have an object named "fred" anywhere in my database.  I
> tested adding a string linke "nothing" and it failed because it
> didn't follow the syntax rules.  I could however add "cn=nothing"
> and it worked.
>
> Is there a way to make OpenLDAP verify that the DN that is being
> added is valid and fail the operation if it is not?

If it would do so, it will be a RDBMS.
the App, which is used for manipulating LDAP-Entries, should ensure 
the consistency.

Just my opinion, unverified.
hth
Ingo Schaefer