[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: structural objectclass checking
- To: Markus.Storm@t-systems.com, openldap-technical@openldap.org
- Subject: Re: structural objectclass checking
- From: Michael Ströder <michael@stroeder.com>
- Date: Sat, 11 Jan 2020 10:49:32 +0100
- Autocrypt: addr=michael@stroeder.com; prefer-encrypt=mutual; keydata= mQENBFbdnRoBCADj0vYA4aRwKJ6AE4mf8oElLgMT/1eLNKpJ2FYBWcwj9d8dTk5/p9b8DRxy S/qQIUUZqt9xRFZwUCm0vFeQMRDeN9xzAKoRzrJifoDOacOjG1lhZTKYvVZGgUT89Ao3QeHh Q7gPzcAKNoueoR2y3FXStOYuRrbk5PlSjVAITjsotgc7PWE9mmVYpeu8a+byK/DBHKUyolOA 1UXYvDa7MbPhMtdNm8qnwtKs1Vsyk1VkErM+5cIe+zTT6WYQcmZMRjCtWGiFTzk9W6Mdlskk WRTKhKNgokTsgcy1ecaCBUZWxv/SyXgD81+rwRi9b8Px+1reg43ayxi8sV7jrI1feybbABEB AAG0J01pY2hhZWwgU3Ryw7ZkZXIgPG1pY2hhZWxAc3Ryb2VkZXIuY29tPokBNwQTAQgAIQUC Vt2dGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAH3HrjaovJOFpTCACjO773gcmJ KvzjiNpUFl/gANyaJgIq4VbMQ7VthRb1F9X6YbdJ6Z99ntyESjGFCpjofcSomr2vJDpv6ht+ lY33yo20YwsMpqe2OeId0jPybG+FtabKjgBNoAk7iqnBGUvE4t0dz0n1LQVCQR2jxyTKmcNq OYpsRZ3H+6kWwJMuVgsNZglINVZ8JgV5QuLYN5jhYz+pOuFnU11bV6nWREvzZXzebe7g7Zus 6AsWjtJ0lDvgBNzLlF3/eFrVch6Bejs0SvuFseIdZQk+4YU6Rb8xul/jDFXIfo7eTmijO3dV T5AmC1cUi8czncwpgAJnEH8vYv23RoN/aw2gSMCS2huIuQENBFbdnRoBCAC7L1cTVBVZZuM/ yxSUM5CsgGBlTD1Cr7C2ngZFsHSYXVLq6NUB8GZA2iLK96CrwnFw4/Jjz4llOjc50iVRMQKL RyFWOJAMrpPq2ew5T+Uoo524D//dwVbqkFVVuvM8NPiKIDyPGCjP+acM1D8hXwhOXgQ8Iz8Q 3/GRSYjitn9JrkF0ia2nhariznBKVu0LDffxF/hOCx45+QRR2/rYYlshfZMB7nEJX9P+hVfM CSzltz9Z8CldeUbiJvnyrISReR2XBw9oh8JkIUP0BtpIaify9A7EfzOk+W9BUnWe+YwdSUsB fJxOhSv+umyW5GMqZGFu+4oYnkzbe+1LUs1JarCtABEBAAGJAR8EGAEIAAkFAlbdnRoCGwwA CgkQB9x642qLyTjEUgf+JX6Atatl/QKe37yCj1OZYNPd3B0rPLJRF5mEmrADRXLZC9+uFeDS Wxxln040gnR6rjBHrRcvVmlTDiZY26iuL16+V+0/aZ9uyXNQSzk2cwDSiI/8gvr72Y+FN5fh cGXpeNHxHilYc9onzDhxyE76cwzqTKm4q2ULIH2u9IHQ5O86Fv6nHPYhe2fy1bhQapNwi/Xl 3G3i2WNH/w7m+1zWU1IddZOjmXzoxLT1BATwXGa0Tt5RjVb2mM1Wg3Zj6kqFkF2vvKcvrwj0 q0Ap5uyfN5m0uWzQMCMoaV9HQf7f5MkS1lnwBqDgnojjVAieX5uk7olUiRuPKHMfhvXulYP8 AA==
- Content-language: en-US
- In-reply-to: <FRAPR01MB0193C19A9FF50E04D16DA1E3D0390@FRAPR01MB0193.DEUPRD01.PROD.OUTLOOK.DE>
- References: <LEJPR01MB017032248F597DFB218E2B94D03E0@LEJPR01MB0170.DEUPRD01.PROD.OUTLOOK.DE> <13EAABA2D0CBE9297CA74B75@[192.168.1.144]> <9e3dae6b-cd82-f308-1632-e3ac0de07ba9@stroeder.com> <FRAPR01MB0193C19A9FF50E04D16DA1E3D0390@FRAPR01MB0193.DEUPRD01.PROD.OUTLOOK.DE>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
On 1/9/20 4:35 PM, Markus.Storm@t-systems.com wrote:
>> Define a new STRUCTURAL object class derived from different other
>> STRUCTURAL object classes.
>
> But that would mean to assign that new group to every entry that has
> 2 structural objectclasses today, wouldn't it?
Yes. But since you have to do an export/import anyway it's not a big
deal to create a simple LDIF filter script to add such a custom object
class.
> So it would require me to change the upstream data e.g. replace
> posixGroup by aeGroup and remove groupOfURLs (to stick with your
> example) and the application as there's applications to search for
> e.g. &(objectclass=posixGroup)(objectclass=groupOfURLs).
I don't exactly understand what you mean.
When using object class inheritance every filter for a SUP object class
also matches.
You can play with Æ-DIR's demo which has a public LDAP(S) port and test
how searching the group entries work:
https://www.ae-dir.com/demo.html
> And I would need to fix future entries on the fly (rwm module in
> replication??)
Using slapo-rwm would not work.
> Guess that won't work out, possibly still easier to work around this
> in the source code.
If you want to implement C code you could implement custom overlays and
do whatever you want.
Ciao, Michael.