Staying on list benefits more people...
Lokesh Taxali wrote:
Thanks a lot for the information. I now have some more knowledge about
this issue and am a bit more confused! Please can you throw some more
light on this:
If we use the Sun LDAP server, the settings as specified in our Web App
Container (Websphere) are:
groupfilter: objectclass=groupofuniquenames
groupmemberIDmap - groupofuniquenames : uniquemember
and the corresponding Java compares the ID of the result set attribute
to "member".
The Sun schema apparently uses groupofuniquenames per RFC 2256.
If we use the Domino LDAP server, the Web App Container is configured as:
groupfilter: objectclass=DominoGroup
groupmemberIDmap - DominoGroup : member
and the corresponding Java compares the ID of the result set attribute
to "uniqueMember".
The Domino schema uses a custom class (DominoGroup) that incorporates a
standard attribute (member).
These settings work, only problem is that if LDAP server is changed we
have to change the Java code too.
Unfortunately standards aren't good enough for everyone.
I am not sure how to interpret the
above given what you said last:
"(objectclass=groupofnames) implies the use of member
(objectclass=groupofuniquenames) implies the use of uniquemember"
Could you possibly offer any assistance re this?
Hopefully the above clears it up a bit.
Yet more bad news: handling the variations among implementations like
you want to do is no more trivial than the understanding the businesses
and organizations that proffer their solutions. This is exactly why I've
chosen to compartmentalize implementation specifics to individual
packages to be referenced in application context definitions.
http://www.mentata.com/ldaphttp/
And of course, as torchbearing standards go OpenLDAP is dang good.
Thank you,
De nada.
Jon Roberts
www.mentata.com
----- Original Message ----
From: Jon Roberts <[EMAIL PROTECTED]>
To: Lokesh Taxali <[EMAIL PROTECTED]>
Cc: [email protected]
Sent: Friday, January 12, 2007 2:07:08 PM
Subject: Re: [ldap] uniqueMember vs member
Lokesh Taxali wrote:
> I have some Java code in a web app that programatically accesses an LDAP
> server to retrieve user names in a given group. When traversing the
> SearchResult results object,
Using JLDAP, I would hope :)
> I query for the member's name using the
> attribute ID "member" - however if the application is deployed on a
> different LDAP server like Domino then I have to use "uniqueMember". Is
> there a programatic way of finding out what string to use for attribute
> ID, so I dont have to keep changing between 'member' and 'uniqueMember'
> each time the app is deployed differently.
Assuming the server's schema is based on RFC 2256, for any entry:
(objectclass=groupofnames) implies the use of member
(objectclass=groupofuniquenames) implies the use of uniquemember
Jon Roberts
www.mentata.com <http://www.mentata.com/>
---
You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
