[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "add user to group" validation

To: Héctor Miranda <hmiranda@insys-corp.com.mx>
Subject: Re: "add user to group" validation
From: Pierangelo Masarati <ando@sys-net.it>
Date: Sat, 17 Apr 2004 09:30:27 +0200
Cc: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>
References: <59B41C14544D314889E6FA384A307A9211ED53@osiris.insys-corp.com.mx>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Héctor Miranda wrote:

Hi all, just a question.
Is it possible in LDAP (OpenLDAP) that the directory (the schema itself or by any other mean) validates the existence of a user when someone is trying to add it into a group?? Thereby, disallowing this "add to group" if such user doesn't exists.

Applications should take care of that; as an alternative, you could write an overlay, or a slaapi module that does that for you. A careful implementation would not only look at group membership modifications, but also at entry deletion/renaming, to keep the group memberships in sync with the status of the entries managed by the DSA. Note that, in a distributed environment, members do not need to be physically stored on the same DSA, and, in general, for one server, group members do not need to be in the same database, so such a general tool would be a nightmare. In this sense, it is your application, or your specific module/overlay, that should take care of your specific needs.

p.

   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- "add user to group" validation
  - From: Héctor Miranda <hmiranda@insys-corp.com.mx>

Prev by Date: Re: slapd: Unrecognized database type (dbd)
Next by Date: Re: ldapsearch 2.0 vs. 2.1 against a netware LDAP server
Index(es):
- Chronological
- Thread