[jira] Commented: (JS2-1068) LDAP When last user is removed from a role a uniqueMember with uid=foobar is left

Fri, 19 Mar 2010 09:58:50 -0700 

    [ 
https://issues.apache.org/jira/browse/JS2-1068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847438#action_12847438
 ] 

Ate Douma commented on JS2-1068:
--------------------------------

This "problem" comes from the fact that LDAP GroupOfNames (or 
GroupOfUniqueNames) requires the member (or uniqueMember) attribute to have *a* 
value.
This issue is commonly regarded as a undesired restriction as it doesn't allow 
creating/maintaining empty entries of these types.
Most common solution or better workaround this is by providing a "dummy" or 
known value always, or by always using the entry own dn as default value.

The "uid=foobar" is just an example "default" required value configured in the 
security-ldap.xml assembly configuration, which you can change to something 
else if you want.

However, I'm going to provide an alternative solution which will allow you to 
use a predefined marker value, "#dn", which Jetspeed then will replace 
automatically with the current entry its full qualified dn itself.

> LDAP When last user is removed from a role a uniqueMember with uid=foobar is 
> left
> ---------------------------------------------------------------------------------
>
>                 Key: JS2-1068
>                 URL: https://issues.apache.org/jira/browse/JS2-1068
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: LDAP
>    Affects Versions: 2.2.0
>         Environment: Linux with the Fedora Directory Server
>            Reporter: Christopher Marshall
>            Assignee: Ate Douma
>            Priority: Minor
>             Fix For: 2.2.1
>
>
> When using the Jetspeed admin interface with Jetspeed configured to use LDAP 
> and the last user is disassociated or removed from a role Jetspeed does not 
> remove the uniqueMember attribute but instead changes the value to be 
> "uid=foobar".  This seems like a strange piece of trash to leave around in a 
> directory.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to