[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem making refint_nothing working



M. P. wrote:
>> In this case slapo-refint's own modification is internal and therefore
>> refint_nothing applys. But it does apply when the modification comes from an
>> external LDAP client.
> 
> Isn't there a "not" missing in the last sentence ?

Yes, should read "But it does not apply".

>> Thinking about the empty-groupOfNames-problem some more I consider to define a
>> cn=dummy value to be always present in groupOfNames entries and apply
>> val-based ACLs to make it invisible and unremovable for normal clients (even
>> the ones maintaining the groups).
> 
> Yep, I thought about some trick like this. I thought also about the
> modification of the groupOfNames objectClass but this one does not have the
> preference of my manager :)

Yes, mucking around with standard schema descriptions is not the right way.

You could use groupOfEntries which was exactly defined for that purpose:

https://tools.ietf.org/html/draft-findlay-ldap-groupofentries

> I have to find now how to add automaticcally a user to a group. ;)

Whatever "automatically" means in your context...

Ciao, Michael.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature