[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: MacOS X logins very, very slow or failing with Openldap 2.1.23...
On 25 Nov 2003, at 18:40, Quanah Gibson-Mount wrote:
Essentially, if we get such a request, we simply blank out their name
to a "'". That fulfills the requirement, and allows us to continue to
expose posixAccount.
We leave the 'cn' alone, but set a flag (FERPA) to True. This causes
the server to return 'cn' (and other personal information) only to the
bound user or certain administrative users. The lack of 'cn' has no
effect on Mac OS X's use of posixAccount, nor any other implementation
that I have experience with. I suspect that MUST 'cn' is a bug in the
definition of posixAccount -- it doesn't really make sense that it's
required. I can see why 'cn' is MUST for posixGroup. Does the
password file require a name?
:wes