[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Letting Users Create Groups
Am 18.03.2011 17:36, schrieb Tim Gustafson:
> by set="this/manager & user" write
I'd use a 'dnattr' rule here instead of a set. Sets can have a severe
impact on performance, since they are not cached.
> If I take out the "filter" line, it works fine, but with the "filter" line there it doesn't work, regardless of what gidNumber I provide.
Yeah, I just tested myself. The problem isn't the filter in itself, but
the greater-than and less-than operators. gidNumber doesn't have an
ORDERING rule, so the filter will always return false. Since gidNumber
is a builtin attribute, it can't be changed that easily, but I think
recently saw an ITS that requested adding 'ORDERING
integerOrderingMatch' to uidNumber and gidNumber. You'd have to wait for
the next OpenLDAP version.
Regards,
Christian Manal