[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: MacOS X logins very, very slow or failing with Openldap 2.1.23...



On 25 Nov 2003, at 18:40, Quanah Gibson-Mount wrote:
Essentially, if we get such a request, we simply blank out their name to a "'". That fulfills the requirement, and allows us to continue to expose posixAccount.

We leave the 'cn' alone, but set a flag (FERPA) to True. This causes the server to return 'cn' (and other personal information) only to the bound user or certain administrative users. The lack of 'cn' has no effect on Mac OS X's use of posixAccount, nor any other implementation that I have experience with. I suspect that MUST 'cn' is a bug in the definition of posixAccount -- it doesn't really make sense that it's required. I can see why 'cn' is MUST for posixGroup. Does the password file require a name?


:wes