[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SubEntry behaviour in OpenLDAP

To: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Subject: Re: SubEntry behaviour in OpenLDAP
From: Howard Chu <hyc@symas.com>
Date: Fri, 30 May 2008 09:06:30 -0700
Cc: openldap-software@openldap.org
In-reply-to: <20080530145118.GA24342@tile.skills-1st.co.uk>
References: <20080530145118.GA24342@tile.skills-1st.co.uk>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9pre) Gecko/2008043023 SeaMonkey/2.0a1pre

Andrew Findlay wrote:

If I force the name of the policy into pwdPolicySubentry then it does
take effect, but that is not the point: the subentry should set this
attribute automatically.

The problem may be that the root of the subtree is not marked as an
administration point: OpenLDAP 2.3.39 knows about the
administrativeRole attribute but seems to have 'not implemented'
hard-wired into the result code.

Are subentries expected to work, or am I mis-reading something here?

Nope, that functionality is not implemented. Currently the only approach is to set explicit values in the pwdPolicySubentry attribute of various entries.

The alternative is to extend the collect.c overlay for this purpose.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- SubEntry behaviour in OpenLDAP
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: SubEntry behaviour in OpenLDAP
Next by Date: Delta-syncrepl issue
Index(es):
- Chronological
- Thread