
Re: Oracle OpenLDAP PPolicy ppolicy and the hierarchy



Arthur de Jong wrote:
On Wed, 2013-12-25 at 16:44 +0100, Michael Ströder wrote:
Furthermore there's slapo-deref which seems to work. The client
control can be used to retrieve all the 'uid' values in member
entries. The NSS provider has to extract the 'uid' values from the
response control value.

See https://tools.ietf.org/html/draft-masarati-ldap-deref

Sadly, the Internet Draft expired without turning into an RFC. I also
can't find any documentation on slapo-deref, do you have any pointers?

Also, do you have any idea whether this is implemented by a significant
part of the LDAP servers out there (is it worth the effort to implement
this client-side)?

This was developed at the request of the Samba team, and some of those developers also worked on SSSD, so it has already been implemented in significant volumes.

There is also a memberof overlay that populates memberOf attributes in
users. Would it be difficult to make a memberuid overlay that populates
memberUid attributes in the group?

That would be counterproductive.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
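
The client-side step mentioned in the thread, extracting the 'uid' values from the deref response control value, is shown below as an added example; it is not code from the thread, from OpenLDAP, or from any NSS provider. It assumes the BER layout given in the linked draft (each result is a SEQUENCE of derefAttr, derefVal and an optional [0] attribute list); the function names and the sample bytes are constructed for illustration.

```python
def tlv(tag, body):
    """Encode a BER TLV; short-form length only, enough for the sample below."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlvs(buf):
    """Yield (tag, body) per TLV in buf; raise ValueError on malformed lengths."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:  # long form: low 7 bits give the number of length octets
            k = n & 0x7F
            if k == 0 or i + k > len(buf):
                raise ValueError("bad length")
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated value")
        yield tag, buf[i:i + n]
        i += n

def deref_values(value, want="uid"):
    """Map each dereferenced DN to its `want` values from a response control value."""
    out = {}
    (tag, results), = read_tlvs(value)  # exactly one outer SEQUENCE expected
    for tag, res in read_tlvs(results):
        fields = list(read_tlvs(res))  # derefAttr, derefVal, optional [0] attrVals
        if tag != 0x30 or len(fields) < 2:
            raise ValueError("not a DerefRes")
        vals = out.setdefault(fields[1][1].decode(), [])
        for ftag, attr_list in fields[2:]:
            if ftag != 0xA0:  # only the [0] attribute list carries values
                continue
            for _, pa in read_tlvs(attr_list):
                (_, atype), (_, avals) = read_tlvs(pa)
                if atype.decode().lower() == want:
                    vals += [v.decode() for _, v in read_tlvs(avals)]
    return out

def sample_response():
    """Constructed value: one member with a uid, one (a nested group) without."""
    uid = tlv(0x30, tlv(0x04, b"uid") + tlv(0x31, tlv(0x04, b"alice")))
    m = tlv(0x04, b"member")
    return tlv(0x30,
        tlv(0x30, m + tlv(0x04, b"uid=alice,ou=people,dc=example,dc=com") + tlv(0xA0, uid))
        + tlv(0x30, m + tlv(0x04, b"cn=nested,ou=groups,dc=example,dc=com")))
```

A member entry that has no 'uid' (the second result in the sample) comes back without the optional attribute list, so the caller gets an empty list for that DN rather than an error.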