On Mon, 2013-12-23 at 22:52 +0100, Dieter Klünter wrote:
> You use attribute type uniqueMember without any additional UID in order
> to enforce uniqueness. The syntax of uniqueMember attribute type is
> Name and optional UID. But without any additional UID any sort of
> uniqueness cannot be provided. Just use member attribute type for group
> membership, unless you want to enforce a proper uniqueness.

Additionally, if you plan to use the contents of the tree as Unix users
and want to have reasonable performance for large trees, you should
either:

- use memberUid attributes
- use member or uniqueMember with users with uid in the DN

The reason for this is that when you look up group information the
information returned from a group should also include all the usernames
of the members. Since you cannot do joins in LDAP, every group with
member attributes such as cn=Joe,ou=People,dc=... will require another
lookup per member to find the username (uid attribute).

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
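The per-member lookup cost described in the reply above, as an added example that is not part of the original message: it separates group member values whose username can be read straight from a uid RDN from those that need one more search each. It goes slightly beyond the message by also handling the optional UID suffix of uniqueMember and multi-valued RDNs. The function names and the example.com entries are assumptions constructed for illustration.

```python
import re

# uniqueMember syntax is "Name and Optional UID": a DN that may end in a
# bit string such as #'0101'B. Strip it before reading the DN.
_OPTIONAL_UID = re.compile(r"#'[01]*'B$")

def first_rdn(dn):
    """Return the leftmost RDN of a DN as {attribute type: value}."""
    avas, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep "\," and "\+" from splitting
            i += 2
            continue
        if ch in ",+":              # "+" joins values of a multi-valued RDN
            avas.append(cur)
            cur = ""
            if ch == ",":           # "," ends the first RDN
                break
        else:
            cur += ch
        i += 1
    else:
        avas.append(cur)            # DN consisted of a single RDN
    rdn = {}
    for ava in avas:
        attr, _, value = ava.partition("=")
        # Decodes single-character escapes only, not hex pairs (\2C).
        rdn[attr.strip().lower()] = re.sub(r"\\(.)", r"\1", value.strip())
    return rdn

def split_members(values):
    """Return (usernames read from the DN, DNs needing one more search each)."""
    usernames, need_lookup = [], []
    for value in values:
        dn = _OPTIONAL_UID.sub("", value.strip())
        uid = first_rdn(dn).get("uid")
        (usernames if uid else need_lookup).append(uid or dn)
    return usernames, need_lookup

# Constructed sample values, not taken from any real directory.
MEMBERS = [
    "uid=joe,ou=People,dc=example,dc=com",
    "cn=Joe Smith,ou=People,dc=example,dc=com",
    "uid=ann,ou=People,dc=example,dc=com#'0101'B",
    "cn=Smith\\, Bob+uid=bob,ou=People,dc=example,dc=com",
]
```

The length of the second list returned by `split_members(MEMBERS)` is the number of extra searches a group lookup would need for that group.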