directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: adding a group without members on create
Date Tue, 15 May 2007 19:16:27 GMT
Ersin,

I do not think this is a good idea.  This will violate the expected behavior

associated with this objectClass.  The best approach is probably what
Stefan recommended with a dummy user or to just use the admin user
as the initial member.

BTW this is what we do in Triplesec when creating various groups: use the
admin user DN as the initial user for a new group.

Alex

On 5/15/07, Ersin Er <ersin.er@gmail.com> wrote:
>
> Why not just try to change the schema? Change the attribute to be
> optional instead of required. BTW, it's very easy to do schema
> manipulations with ApacheDS 1.5.
>
> On 5/15/07, Justen Stepka <jstepka@jstepka.name> wrote:
> > The addGroup functionality in Crowd does not currently correctly
> > implement an approach to add a user to ApacheDS. The issue here is
> > that according the RFC-2256 the groupOfUniqueNames Object Class
> > requires that the uniquemember field cannot be left blank (ie it is a
> > required field).
> >
> > Currently our code is trying to get around this by adding a blank
> > string into this field, but ApacheDS even with this approach does not
> > allow this.
> >
> > Currently I do not have a solution beyond providing some kind of user
> > picker on the add group page, so a person can choose a member to add
> > to this group. However, we still need to take into account adding
> > groups via our SOAP interface and also via the importers.
> >
> > http://jira.atlassian.com/browse/CWD-318
> >
> > I am wondering if there is a way that we can create a group with
> > Apache DS and not have to provide any initial members so the group? If
> > I put in an empty string I then need to know to ignore the empty
> > uniquemember when processing the attributes on a search.
> >
> > Cheers,
> >
> > Justen
> >
> > --
> > Justen Stepka
> > http://www.jstepka.name/blog/
> >
>
>
> --
> Ersin
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message