Arthur de Jong <adej...@debian.org> 2010-07-29 22:53: > On Tue, 2010-07-27 at 18:17 -0700, Quanah Gibson-Mount wrote: > > In any case, adding an ORDERING rule for them breaks the RFC's, and > > OpenLDAP does its best to remain RFC compliant in core features. I would > > suggest filing a new RFC that updates the rules for these attributes. > > You may be interested in this: > http://tools.ietf.org/html/draft-howard-rfc2307bis-02 > > Though it has not seen much activity lately and the status is somewhat > unclear. > > -- > -- arthur - adej...@debian.org - http://people.debian.org/~adejong --
Goodie, I was wondering how I would go about starting an RFC. Seemed a bit intimidating for such a simple thing as allowing an ordering constraint :) In the meantime I've hacked up a solution for us that adds locally defined attributes that do include the ORDERING constraint to all local account and groups objects which are generated from a database. Now people can put filters like this in their libnss-ldap.conf: nss_base_group ou=Group,o=Local?one?localGID>=1000 Thanks, Brian
signature.asc
Description: Digital signature