[openssh-lpk] OpenLDAP referential integrity and posixGroup requirement for LPK
66 views
Skip to first unread message
SJ
May 18, 2010, 5:51:04 PM5/18/10
to openssh-lpk
Hi All,
OpenLDAP now supports a referential integrity module that allows auto-
clean up of group memberships when a DN is removed. This module only
supports clean-up of attributes that hold the whole DN. So, when a
user is removed, refint will clean-up all "member" values of the
removed DN that are part of "groupbyName" objects but not
"memberUID" (from posixGroup) because "member" contains whole DN
whereas "memberUID" does not.
So can I please request a feature to support "groupbyName" objects for
membership checking in openssh-lpk along with "member" attribute
support instead of posixGroup/memberUID requirement?
This will make it really easy to maintain LDAP group memberships.
Thanks!
--
You received this message because you are subscribed to the Google Groups "openssh-lpk" group.
To post to this group, send email to opens...@googlegroups.com.
To unsubscribe from this group, send email to openssh-lpk...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/openssh-lpk?hl=en.
OpenLDAP now supports a referential integrity module that allows auto-
clean up of group memberships when a DN is removed. This module only
supports clean-up of attributes that hold the whole DN. So, when a
user is removed, refint will clean-up all "member" values of the
removed DN that are part of "groupbyName" objects but not
"memberUID" (from posixGroup) because "member" contains whole DN
whereas "memberUID" does not.
So can I please request a feature to support "groupbyName" objects for
membership checking in openssh-lpk along with "member" attribute
support instead of posixGroup/memberUID requirement?
This will make it really easy to maintain LDAP group memberships.
Thanks!
--
You received this message because you are subscribed to the Google Groups "openssh-lpk" group.
To post to this group, send email to opens...@googlegroups.com.
To unsubscribe from this group, send email to openssh-lpk...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/openssh-lpk?hl=en.
Eric Auge
May 24, 2010, 12:55:25 PM5/24/10
to opens...@googlegroups.com
This is very interesting, is this form the latest OpenLDAP release?!
eric.
eric.
Reply all
Reply to author
Forward
0 new messages