[Fedora-directory-users] Directory Server capabilities
Howard Chu
hyc at symas.com
Sat Sep 15 11:21:18 UTC 2007
> From: "Clowser, Jeff (Contractor)" <jeff_clowser fanniemae com>
> Date: Fri, 14 Sep 2007 14:58:53 -0400
> I have a question about capabilities in the Fedora/RH Directory server:
>
> First, can it do dynamic groups as Novell eDirectory does (or is there any
> effort to add this):
> http://support.novell.com/techcenter/articles/ana20020405.html
Just fyi, the Novell guys have also published this spec as an Internet Draft.
http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
The spec is full of flaws, however, as discussed here:
http://www.openldap.org/lists/ietf-ldapext/200702/threads.html
If this approach to dynamic groups is of interest to you, you should probably
get involved in the discussion and give some feedback.
> Basically, it's similar to the groupofURL's that is supported by the RH/Sun
> directory server, but when the group is retrieved, dn's for entries that
> match the ldap url dynamic criteria is returned added to the uniquemember
> attribute, and you can do searches/compares on the uniquemember attribute
> that includes dynamic members.
Note that uniqueMember is a useless attribute in LDAP. Likewise the
NameAndOptionalUID syntax (which is the syntax of uniqueMember) is totally
misused in LDAP and should be avoided by modern software.
> I realise there are some significant performance considerations with this,
> but for modest use, it would really be useful. (FWIW, I asked a similar
> question when FDS first was released, but didn't have another product to
> point to as a comparable implementation at the time. Haven't looked at FDS
> for a while, so I'm hoping some things might have changed :) )
As a footnote, OpenLDAP supports some of the less controversial features of
dynamic groups and has for quite some time already...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Fedora-directory-users
mailing list