Re: structural objectclass checking

[Michael Ströder <michael@stroeder.com>]

On 1/9/20 4:35 PM, Markus.Storm@t-systems.com wrote:
>> Define a new STRUCTURAL object class derived from different other 
>> STRUCTURAL object classes.
>
> But that would mean to assign that new group to every entry that has
> 2 structural objectclasses today, wouldn't it?
Yes. But since you have to do an export/import anyway it's not a big
deal to create a simple LDIF filter script to add such a custom object
class.

> So it would require me to change the upstream data e.g. replace
> posixGroup by aeGroup and remove groupOfURLs (to stick with your
> example) and the application as there's applications to search for
> e.g. &(objectclass=posixGroup)(objectclass=groupOfURLs).
I don't exactly understand what you mean.

When using object class inheritance every filter for a SUP object class
also matches.

You can play with Æ-DIR's demo which has a public LDAP(S) port and test
how searching the group entries work:

https://www.ae-dir.com/demo.html

> And I would need to fix future entries on the fly (rwm module in
> replication??)
Using slapo-rwm would not work.

> Guess that won't work out, possibly still easier to work around this
> in the source code.
If you want to implement C code you could implement custom overlays and
do whatever you want.

Ciao, Michael.