HI! I have a hybrid groupOfEntries/posixGroup object class, let's call it 'aeGroup'. It's supposed to serve the same group membership information to RFC2307 and RFC2307bis NSS clients. I want to keep attributes group membership attriutes consistent by using the following constraint: # restrict memberUID to be consistent with group membership defined in member constraint_attribute memberUID,member set "this/memberUID & this/member/uid" restrict="ldap:///dc=example,dc=com??sub?(objectClass=aeGroup)" This does not work as expected. I suspect that the constraint is not applied to each value separately. Rather the constraint is true when any of the values fulfill the constraint rules. Similar constraints cross-referencing values work pretty well for attributes only containing a single value. Any clue? (Yes, I'm already taking care of this in the admin UI web2ldap, but still I want to prevent inconsistent values for any writing LDAP client.) Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature