
Re: "add user to group" validation



Héctor Miranda wrote:

Hi all, just a question.

Is it possible in LDAP (OpenLDAP) that the directory (the schema itself or
by any other means) validates the existence of a user when someone is trying
to add it into a group? Thereby, disallowing this "add to group" if such
a user doesn't exist.


Applications should take care of that; as an alternative, you could write an overlay,
or a SLAPI module that does that for you. A careful implementation would not only
look at group membership modifications, but also at entry deletion/renaming, to
keep the group memberships in sync with the status of the entries managed by the DSA.
Note that, in a distributed environment, members do not need to be physically stored
on the same DSA, and, in general, for one server, group members do not need to be
in the same database, so such a general tool would be a nightmare. In this sense, it
is your application, or your specific module/overlay, that should take care of your
specific needs.


p.





   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
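
The application-side checks described in the reply, as an added example that is not part of the original post and is not OpenLDAP code: an in-memory stand-in for a directory that refuses to add a non-existent member and keeps memberships in sync on delete and rename. The `Directory` class, the `norm` helper and the sample DNs are hypothetical, and the sketch assumes all entries live in one store, which the reply notes is not true in general.

```python
# Added example: constructed data, no LDAP server involved.

def norm(dn):
    """Simplified DN normalisation (assumption): lower-case and trim
    whitespace around ',' and '='. Escaped commas are not handled."""
    return ",".join(
        "=".join(part.strip() for part in rdn.split("=", 1))
        for rdn in dn.lower().split(",")
    )

class Directory:
    def __init__(self):
        # normalised DN -> set of member DNs for groups, None for other entries
        self.entries = {}

    def add_entry(self, dn, is_group=False):
        self.entries[norm(dn)] = set() if is_group else None

    def _groups(self):
        return [v for v in self.entries.values() if isinstance(v, set)]

    def add_member(self, group_dn, member_dn):
        group, member = norm(group_dn), norm(member_dn)
        if not isinstance(self.entries.get(group), set):
            raise LookupError("no such group: " + group_dn)
        if member not in self.entries:
            # the validation asked about: reject members that do not exist
            raise LookupError("no such entry: " + member_dn)
        self.entries[group].add(member)

    def delete_entry(self, dn):
        target = norm(dn)
        del self.entries[target]
        for members in self._groups():
            members.discard(target)      # drop dangling memberships

    def rename_entry(self, old_dn, new_dn):
        old, new = norm(old_dn), norm(new_dn)
        if new in self.entries:
            raise ValueError("entry already exists: " + new_dn)
        self.entries[new] = self.entries.pop(old)
        for members in self._groups():
            if old in members:           # follow the entry to its new DN
                members.remove(old)
                members.add(new)

    def members(self, group_dn):
        return sorted(self.entries[norm(group_dn)])
```
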