empty membership in groupofnames/groupofuniquenames

2013-07-26 Thread Richard Sand
Hi all - I know this topic is a rehash of an age old debate, whether 
groupOfNames/groupOfUniqueNames should allow the member/uniquemember attributes 
to be empty. Many LDAP vendors allow empty groups (all from the Netscape 
lineage, CA Directory, AD) but that breaks RFC-compliance. So just from a 
practical standpoint, if I want my LDAP to behave this way, is there any 
runtime problem with changing the schema to make these attributes MAY instead 
of MUST? I tried it and a cursory test seems ok so far. 

Best regards,

Richard





Re: empty membership in groupofnames/groupofuniquenames

2013-07-26 Thread Kiran Ayyagari
shouldn't be an issue, cause most of the time we inject a dummy
member/uniqueMember at the
time of creating an entry with groupOf(Unique)Names

and otoh, changing MUST to MAY is more tolerable than the other way around


On Sat, Jul 27, 2013 at 2:23 AM, Richard Sand rs...@idfconnect.com wrote:

 Hi all - I know this topic is a rehash of an age old debate, whether
 groupOfNames/groupOfUniqueNames should allow the member/uniquemember
 attributes to be empty. Many LDAP vendors allow empty groups (all from the
 Netscape lineage, CA Directory, AD) but that breaks RFC-compliance. So just
 from a practical standpoint, if I want my LDAP to behave this way, is there
 any runtime problem with changing the schema to make these attributes MAY
 instead of MUST? I tried it and a cursory test seems ok so far.

 Best regards,

 Richard






-- 
Kiran Ayyagari
http://keydap.com
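
The two options discussed in this thread, as an added example that is not part of the original messages: it checks a constructed empty group against the RFC 4519 `groupOfNames` definition, against the same definition with `member` moved from MUST to MAY, and against the dummy-member workaround. The placeholder DN, the sample entries and all function names are assumptions made for illustration, not any directory server's API.

```python
import re

# RFC 4519 definition of groupOfNames: member is listed under MUST.
RFC_GROUP_OF_NAMES = (
    "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL "
    "MUST ( member $ cn ) "
    "MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )"
)
PLACEHOLDER_DN = "cn=placeholder,ou=system"  # hypothetical dummy-member DN

def parse_object_class(definition):
    """Return (must, may) sets of lower-cased attribute names."""
    def names(keyword):
        m = re.search(r"\b%s\s+(?:\(([^)]*)\)|(\S+))" % keyword, definition)
        if not m:
            return set()
        body = m.group(1) if m.group(1) is not None else m.group(2)
        return {n.strip().lower() for n in body.split("$") if n.strip()}
    return names("MUST"), names("MAY")

def relax(must, may, attr):
    """Model the schema edit from the thread: move attr from MUST to MAY."""
    attr = attr.lower()
    return must - {attr}, may | {attr}

def violations(entry, must, may):
    """List schema violations; an attribute with no values does not exist in LDAP."""
    present = {k.lower() for k, v in entry.items() if v}
    allowed = must | may | {"objectclass"}
    out = ["missing required attribute: " + a for a in sorted(must - present)]
    out += ["attribute not allowed: " + a for a in sorted(present - allowed)]
    return out

def effective_members(entry):
    """Members that should count for authorization, ignoring the dummy entry."""
    return [m for m in entry.get("member", []) if m.lower() != PLACEHOLDER_DN]

# Constructed sample entries.
EMPTY_GROUP = {"objectClass": ["top", "groupOfNames"], "cn": ["auditors"], "member": []}
DUMMY_GROUP = dict(EMPTY_GROUP, member=[PLACEHOLDER_DN])

if __name__ == "__main__":
    must, may = parse_object_class(RFC_GROUP_OF_NAMES)
    print("RFC schema, empty group:    ", violations(EMPTY_GROUP, must, may))
    print("RFC schema, dummy member:   ", violations(DUMMY_GROUP, must, may))
    print("member as MAY, empty group: ", violations(EMPTY_GROUP, *relax(must, may, "member")))
    print("effective members of dummy: ", effective_members(DUMMY_GROUP))
```

With the dummy-member approach, anything that enumerates `member` for access decisions or audits has to filter the placeholder, which is what `effective_members` stands in for here.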