You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by Richard Sand <rs...@idfconnect.com> on 2013/07/26 22:53:00 UTC

empty membership in groupofnames/groupofuniquenames

Hi all - I know this topic is a rehash of an age old debate, whether groupOfNames/groupOfUniqueNames should allow the member/uniquemember attributes to be empty. Many LDAP vendors allow empty groups (all from the Netscape lineage, CA Directory, AD) but that breaks RFC-compliance. So just from a practical standpoint, if I want my LDAP to behave this way, is there any runtime problem with changing the schema to make this attributes "MAY" instead of "MUST"? I tried it and a cursory test seems ok so far. 

Best regards,

Richard

Re: empty membership in groupofnames/groupofuniquenames

Posted by Kiran Ayyagari <ka...@apache.org>.

shouldn't be an issue, cause most of the time we inject a dummy
member/uniqueMemeber at the
time of creating an entry with groupOf(Unique)Names

and otoh, changing MUST to MAY is tolerable than the other way around


On Sat, Jul 27, 2013 at 2:23 AM, Richard Sand <rs...@idfconnect.com> wrote:

> Hi all - I know this topic is a rehash of an age old debate, whether
> groupOfNames/groupOfUniqueNames should allow the member/uniquemember
> attributes to be empty. Many LDAP vendors allow empty groups (all from the
> Netscape lineage, CA Directory, AD) but that breaks RFC-compliance. So just
> from a practical standpoint, if I want my LDAP to behave this way, is there
> any runtime problem with changing the schema to make this attributes "MAY"
> instead of "MUST"? I tried it and a cursory test seems ok so far.
>
> Best regards,
>
> Richard
>
>
>
>


-- 
Kiran Ayyagari
http://keydap.com