Steven Bonneville wrote:
>One cool thing I've noticed while working on research for Red Hat's
>RH423 class: it turns out that Red Hat Directory Server allows you
>to assign an entry both the groupOfUniqueNames and posixGroup object
>classes at the same time!
>
>Strictly speaking this is a schema violation, since they are
>unrelated structural classes, but Directory Server does not enforce
>the rule that there can only be one structural class chain on an
>entry.
>
And just in case somebody is thinking of implementing structural
integrity checking in FDS/RHDS:
Please do not implement this like OpenLDAP did:
- without any prior warning
- without any run-time toggle to disable it
It takes time to get "broken" applications fixed, especially if they are
broken third-party applications,
so you need to be able to disable structural integrity checking on the
server side.
BR,
--
mike
