directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: adding a group without members on create
Date Tue, 15 May 2007 20:07:26 GMT
:) heh yeah I know you're a strictly spec guy that's why I was surprised.

Although reported as a ApacheDS specific issue this may just be due to
lack of information about the behavior of other LDAP servers.  I'm sure
other LDAP servers behave in the same manner when schema checking
is enabled.  Hence I think it is incorrect to presume this is ADS specific.

Alex

On 5/15/07, Ersin Er <ersin.er@gmail.com> wrote:
>
> On 5/15/07, Alex Karasulu <akarasulu@apache.org> wrote:
> > Ersin,
> >
> > I do not think this is a good idea.  This will violate the expected
> behavior
> > associated with this objectClass.
>
> Yes, but as this is reported as an issue specific to ApacheDS by
> Atlassian, that means this issues does not exist in other servers (or
> in some of them). So that's why I suggested. Otherwise I do never
> suggest schema violations in fact. I am a strict spec guy :-)
>
> > The best approach is probably what
> > Stefan recommended with a dummy user or to just use the admin user
> > as the initial member.
> >
> > BTW this is what we do in Triplesec when creating various groups: use
> the
> > admin user DN as the initial user for a new group.
> >
> > Alex
> >
> > On 5/15/07, Ersin Er <ersin.er@gmail.com> wrote:
> > >
> > > Why not just try to change the schema? Change the attribute to be
> > > optional instead of required. BTW, it's very easy to do schema
> > > manipulations with ApacheDS 1.5.
> > >
> > > On 5/15/07, Justen Stepka <jstepka@jstepka.name> wrote:
> > > > The addGroup functionality in Crowd does not currently correctly
> > > > implement an approach to add a user to ApacheDS. The issue here is
> > > > that according the RFC-2256 the groupOfUniqueNames Object Class
> > > > requires that the uniquemember field cannot be left blank (ie it is
> a
> > > > required field).
> > > >
> > > > Currently our code is trying to get around this by adding a blank
> > > > string into this field, but ApacheDS even with this approach does
> not
> > > > allow this.
> > > >
> > > > Currently I do not have a solution beyond providing some kind of
> user
> > > > picker on the add group page, so a person can choose a member to add
> > > > to this group. However, we still need to take into account adding
> > > > groups via our SOAP interface and also via the importers.
> > > >
> > > > http://jira.atlassian.com/browse/CWD-318
> > > >
> > > > I am wondering if there is a way that we can create a group with
> > > > Apache DS and not have to provide any initial members so the group?
> If
> > > > I put in an empty string I then need to know to ignore the empty
> > > > uniquemember when processing the attributes on a search.
> > > >
> > > > Cheers,
> > > >
> > > > Justen
> > > >
> > > > --
> > > > Justen Stepka
> > > > http://www.jstepka.name/blog/
> > > >
> > >
> > >
> > > --
> > > Ersin
> > >
> >
>
>
> --
> Ersin
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message