re: Directory Server capabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> From: "Clowser, Jeff (Contractor)" <jeff_clowser fanniemae com>
> Date: Fri, 14 Sep 2007 14:58:53 -0400


I have a question about capabilities in the Fedora/RH Directory server:

First, can it do dynamic groups as Novell eDirectory does (or is there any
effort to add this): http://support.novell.com/techcenter/articles/ana20020405.html 

Just fyi, the Novell guys have also published this spec as an Internet Draft.
http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02

The spec is full of flaws, however, as discussed here:
http://www.openldap.org/lists/ietf-ldapext/200702/threads.html
If this approach to dynamic groups is of interest to you, you should probably get involved in the discussion and give some feedback. 


Basically, it's similar to the groupofURL's that is supported by the RH/Sun
directory server, but when the group is retrieved, dn's for entries that
match the ldap url dynamic criteria is returned added to the uniquemember
attribute, and you can do searches/compares on the uniquemember attribute
that includes dynamic members.
Note that uniqueMember is a useless attribute in LDAP. Likewise the NameAndOptionalUID syntax (which is the syntax of uniqueMember) is totally misused in LDAP and should be avoided by modern software. 


I realise there are some significant performance considerations with this,
but for modest use, it would really be useful.  (FWIW, I asked a similar
question when FDS first was released, but didn't have another product to
point to as a comparable implementation at the time.  Haven't looked at FDS
for a while, so I'm hoping some things might have changed :)  )
As a footnote, OpenLDAP supports some of the less controversial features of dynamic groups and has for quite some time already... 
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux