[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Q: empty groups (groupOfNames, member)
On Fri, 06 Dec 2013 09:49:45 +0100 "Ulrich Windl"
<Ulrich.Windl@rz.uni-regensburg.de> wrote
> I had a problem with "empty groups": object class groupOfNames has a MUST
> member attribute, so you cannot create an empty group. I consider this to be
> a bug in the object class definition, specifically as groupOfNames is
> structural, and not auxillary. So in SLES empty (POSIX) groups are created
> with a namedObject structural class.
You are not alone. You could try to restart the discussion on ietf-ldapext
mailing list about
http://tools.ietf.org/html/draft-findlay-ldap-groupofentries
See Andrew's discussion start postings:
http://www.ietf.org/mail-archive/web/ldapext/current/msg01141.html
http://www.ietf.org/mail-archive/web/ldapext/current/msg01256.html
> 1) is there a technical reason against empty groups? I'd consider them as
> valid as empty arrays.
Let's go to ietf-ldapext mailing list for this discussion.
> 2) Is it an LDAP requirement to forbid structural changes in object classes,
Yes. LDAPv3 prohibits to change the structural object class of an entry. I
suspect this comes from restrictions due to checking DIT structure rules.
Ciao, Michael.