directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er" <ersin...@gmail.com>
Subject Re: adding a group without members on create
Date Tue, 15 May 2007 19:58:49 GMT
On 5/15/07, Alex Karasulu <akarasulu@apache.org> wrote:
> Ersin,
>
> I do not think this is a good idea.  This will violate the expected behavior
> associated with this objectClass.

Yes, but as this is reported as an issue specific to ApacheDS by
Atlassian, that means this issues does not exist in other servers (or
in some of them). So that's why I suggested. Otherwise I do never
suggest schema violations in fact. I am a strict spec guy :-)

> The best approach is probably what
> Stefan recommended with a dummy user or to just use the admin user
> as the initial member.
>
> BTW this is what we do in Triplesec when creating various groups: use the
> admin user DN as the initial user for a new group.
>
> Alex
>
> On 5/15/07, Ersin Er <ersin.er@gmail.com> wrote:
> >
> > Why not just try to change the schema? Change the attribute to be
> > optional instead of required. BTW, it's very easy to do schema
> > manipulations with ApacheDS 1.5.
> >
> > On 5/15/07, Justen Stepka <jstepka@jstepka.name> wrote:
> > > The addGroup functionality in Crowd does not currently correctly
> > > implement an approach to add a user to ApacheDS. The issue here is
> > > that according the RFC-2256 the groupOfUniqueNames Object Class
> > > requires that the uniquemember field cannot be left blank (ie it is a
> > > required field).
> > >
> > > Currently our code is trying to get around this by adding a blank
> > > string into this field, but ApacheDS even with this approach does not
> > > allow this.
> > >
> > > Currently I do not have a solution beyond providing some kind of user
> > > picker on the add group page, so a person can choose a member to add
> > > to this group. However, we still need to take into account adding
> > > groups via our SOAP interface and also via the importers.
> > >
> > > http://jira.atlassian.com/browse/CWD-318
> > >
> > > I am wondering if there is a way that we can create a group with
> > > Apache DS and not have to provide any initial members so the group? If
> > > I put in an empty string I then need to know to ignore the empty
> > > uniquemember when processing the attributes on a search.
> > >
> > > Cheers,
> > >
> > > Justen
> > >
> > > --
> > > Justen Stepka
> > > http://www.jstepka.name/blog/
> > >
> >
> >
> > --
> > Ersin
> >
>


-- 
Ersin

Mime
View raw message