[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Letting Users Create Groups

To: Tim Gustafson <tjg@soe.ucsc.edu>
Subject: Re: Letting Users Create Groups
From: Christian Manal <moenoel@informatik.uni-bremen.de>
Date: Mon, 21 Mar 2011 10:41:17 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <1967328442.5975.1300466167888.JavaMail.root@mail-01.cse.ucsc.edu>
References: <1967328442.5975.1300466167888.JavaMail.root@mail-01.cse.ucsc.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.9.2.12) Gecko/20101110 Lightning/1.0b2 Icedove/3.1.6

Am 18.03.2011 17:36, schrieb Tim Gustafson:
>  by set="this/manager & user" write

I'd use a 'dnattr' rule here instead of a set. Sets can have a severe
impact on performance, since they are not cached.


> If I take out the "filter" line, it works fine, but with the "filter" line there it doesn't work, regardless of what gidNumber I provide.

Yeah, I just tested myself. The problem isn't the filter in itself, but
the greater-than and less-than operators. gidNumber doesn't have an
ORDERING rule, so the filter will always return false. Since gidNumber
is a builtin attribute, it can't be changed that easily, but I think
recently saw an ITS that requested adding 'ORDERING
integerOrderingMatch' to uidNumber and gidNumber. You'd have to wait for
the next OpenLDAP version.


Regards,
Christian Manal

Follow-Ups:
- Re: Letting Users Create Groups
  - From: Tim Gustafson <tjg@soe.ucsc.edu>

References:
- Re: Letting Users Create Groups
  - From: Tim Gustafson <tjg@soe.ucsc.edu>

Prev by Date: how ldap works replicating AD?
Next by Date: Re: DSEE to OpenLDAP
Index(es):
- Chronological
- Thread