[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: ldapsearch filter question
- To: 'Michael Ströder' <michael@stroeder.com>, Ralf Mattes <rm@mh-freiburg.de>
- Subject: RE: ldapsearch filter question
- From: "Zhang,Jun" <JHZhang@mdanderson.org>
- Date: Tue, 3 Jan 2017 22:01:57 +0000
- Accept-language: en-US
- Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Content-language: en-US
- In-reply-to: <3d2edd40-3171-37de-ca9c-26176505ed1f@stroeder.com>
- Ironport-phdr: 9a23:amPeThI+FQlH8IEX0dmcpTZWNBhigK39O0sv0rFitYgXKvTyrarrMEGX3/hxlliBBdydsKMYzbON+Pm9AiQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9GiTe5br5+Ngi6oAveusULgYZvJLs6xwfUrHdPZ+lY335jK0iJnxb76Mew/Zpj/DpVtvk86cNOUrj0crohQ7BAAzsoL2465MvwtRneVgSP/WcTUn8XkhVTHQfI6gzxU4rrvSv7sup93zSaPdHzQLspVzmu87tnRRn1gyocKTU37H/YhdBxjKJDoRKuuRp/w5LPYIqIMPZyZ77Rcc8GSWZEWMtaSi5PDZ6mb4YXD+QPI/tWr5XzqVUNoxuxBwisC//gxDBHnXL2wbY13uA9HQ3awAAtHdQDu2nUotXvM6cSVPi4wKfLwjXDdfxW3zj95JDMfBA8p/GAU697fM3Vx0ctFAzFjk+fqYrqPz6O0+QCrnKU7+x9Wu2xkW4nsAZxoj61yscrkInJiZsYx1bZ/it3x4Y1IMe3SE99YdO8CpRfqTiWOJZ3QsM4WW1npCE6yrgetZ66YicK1JonywTYa/ydfIiF5A/oWuWJITpgmX5od7yyiwyv/US91+HwTMe53ExKoydFitXAq2wB2wbO5sSaRfZx5Fqt1DWM2gzJ9+1JIFw4mbLVK5E/wbM8ip8evEHeEiL1hEn7jqqbelgk9+S09evqZ6jqqYOSOoJ6jwzyLKojltGjDek+LwMARXKU+f6m273m5UD5RbJKgeAonaTBq5DaINgbpra+Aw9IzoYv8xa/ACmi0NQfhXQHKUhKeBODj4TzPlHBPer3DfGijFuyijdr3PfGPrv7DpXKNHjDn6/tfbd760FC1Ao+1c1T6p1aB70bPf7/R1L9uMbWAxMjMwG5w/7rCNBn2YMfXWKPDLWZMKTXsVKQ4uwhIeqDZI8Ptzb7JPgo/PvugmIjll8bYKamw4EXaGu/HvRgOUmZZmDsgtgZHWcQogU+VPDqiEGFUTNLYnayXr4z5jEhB424CYfOXZutgKCb3Ce8AJJZe35JCkqWHXj0cIWEXu8GaDiOLc95jjwESb+hRpc71RGrrwL6zrpnIvPa+i0Cq53j1cN65/DJlRE97zB7EtqS2XmXT25ohmMIWyM23KdnrEx60leMz654g/hFGtNJ//NFSxs6OoDAwOx6DdDyWx7Occ2NSFu9RdWmGS8+TtQ1w9ATeUl9A8+ujhfZ3yqlUPcpkOnEIZ0/8qvR2zDKO9zjx3vcm+F1ilgtQsJCMUW9mrR4+gTeHcjClEDP0+6QfKASlAvE6HuO1iLapkRwVQ41X7/IXHoCfESQodmvtW3YSLr7Q4YnOw1OjeyfLOECPv/Jv1VPQvjLPdjXZW68gXy3A1CP3LzaP9miQHkUwCiIUBtMqAsU53vTcFFmXio=
- References: <6474-586c1800-83-622b0a00@174613342> <3d2edd40-3171-37de-ca9c-26176505ed1f@stroeder.com>
- Thread-index: AdJmAvQBOGnM9/n5SgifpUJ7AQPmKwAMaBQAAAGbRgAAAK0AgAAMMX/A
- Thread-topic: ldapsearch filter question
Good knowledge.
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Michael Ströder
Sent: Tuesday, January 03, 2017 3:51 PM
To: Ralf Mattes
Cc: openldap-technical@openldap.org
Subject: Re: ldapsearch filter question
Ralf Mattes wrote:
> Furthermore - are you shure you want to search for groupofnames and not
> posixgroup? Group ID numbers are usually used with POSIX groups and since
> both posixgroup and groupoufnames are structural groups they can't mix. It's
> actually pretty unlikely that your server holds groupofnames with a numeric
> group id.
Note that there's RFC2307bis [1] which uses groupOfNames as STRUCTURAL object
class and posixGroup as supplement AUXILIARY object class. Some NSS/LDAP clients
can use this schema.
In Æ-DIR I use multiple inheritance for the 'aeGroup' [2] STRUCTURAL object
class to combine groupOfEntries (which permits empty groups) and classic
posixGroup for backward compability with NSS/LDAP clients which are only capable
to use 'memberUID' as member attribute. Furthermore slapo-constraint ensures
that attribute value sets of 'member' and 'memberUID' are in sync.
( 1.3.6.1.4.1.5427.1.389.100.6.1
NAME 'aeGroup'
DESC 'AE-DIR: Group entry'
SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
STRUCTURAL
MUST description
MAY aeDept )
Multiple object class inheritance is not possible with all LDAP servers (e.g.
not possible with 389-DS).
Ciao, Michael.
[1] https://tools.ietf.org/html/draft-howard-rfc2307bis#section-4
[2] https://www.ae-dir.com/docs.html#schema-oc-aeGroup
The information contained in this e-mail message may be privileged, confidential, and/or protected from disclosure. This e-mail message may contain protected health information (PHI); dissemination of PHI should comply with applicable federal and state laws. If you are not the intended recipient, or an authorized representative of the intended recipient, any further review, disclosure, use, dissemination, distribution, or copying of this message or any attachment (or the information contained therein) is strictly prohibited. If you think that you have received this e-mail message in error, please notify the sender by return e-mail and delete all references to it and its contents from your systems.