shouldn't be an issue, cause most of the time we inject a dummy
member/uniqueMemeber at the
time of creating an entry with groupOf(Unique)Names
and otoh, changing MUST to MAY is tolerable than the other way around
On Sat, Jul 27, 2013 at 2:23 AM, Richard Sand rs...@idfconnect.com wrote:
Hi all - I know this topic is a rehash of an age old debate, whether
groupOfNames/groupOfUniqueNames should allow the member/uniquemember
attributes to be empty. Many LDAP vendors allow empty groups (all from the
Netscape lineage, CA Directory, AD) but that breaks RFC-compliance. So just
from a practical standpoint, if I want my LDAP to behave this way, is there
any runtime problem with changing the schema to make this attributes MAY
instead of MUST? I tried it and a cursory test seems ok so far.
Best regards,
Richard
--
Kiran Ayyagari
http://keydap.com