[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Creating empty groupOfUniqueNames..

To: fuser9bb@hotpop.com
Subject: Re: Creating empty groupOfUniqueNames..
From: Howard Chu <hyc@symas.com>
Date: Tue, 14 Dec 2004 08:42:24 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <004e01c4e0e2$80113aa0$9db30b44@dpboxen>
References: <004e01c4e0e2$80113aa0$9db30b44@dpboxen>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a5) Gecko/20041101

fuser9bb@hotpop.com wrote:

I want to create a set of groups that will be used for authorization purposes. To me, it seems that a groupOfNames or groupOfUniqueNames will best serve this purpose. (Better suggestions?) However, both object classes require at least one member attribute. There will be times though when a member is not known. How do you handle this?
Right now I create all groups with an invalid member attribute:
member: cn=invalid,dc=..,dc=..
Does this break any convention? Is there a better way to handle this?

There's nothing wrong with what you suggest. I would ignore groupOfUniqueNames, it's rather useless in the LDAP context. Note that it is legal for distinguishedName syntax to have a zero-length value. I would just use groupOfNames with a zero-length member, which is fundamentally the same idea as your using an invalid DN.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: Creating empty groupOfUniqueNames..
  - From: <fuser9bb@hotpop.com>
- Re: Creating empty groupOfUniqueNames..
  - From: <fuser9bb@hotpop.com>

References:
- Creating empty groupOfUniqueNames..
  - From: <fuser9bb@hotpop.com>

Prev by Date: Creating empty groupOfUniqueNames..
Next by Date: how can add an encoded LDIF by ldapmodify
Index(es):
- Chronological
- Thread