> >>>> product, it really does want that attribute with DNs. It seems that
> >>>> most LDAP implementations (he cited Domino and Active Directory)
> >>>> provide that attribute. It does keep our product from working with
> >>>> OpenDirectory and the default OpenLDAP schema, though
> >>>> Thank you both (Adam and Vulpes) for your help and comments
> >>> Why, both of these provide "groupOfNames/member" by default.
> >> Well, to be more specific, it keeps our product from working with
> >> them out of the box, because those attributes aren't populated by
> >> default
> > I don't understand this statement: "because those attributes aren't
> > populated by default". Why would an application care how the
> > values get created? And this schema [if that is what you mean] is
> > there by default and has been for a long time.
> Maybe I'm misunderstanding something fundamental about LDAP.
> I think that LDAP is a hierarchical database where its objects are
> defined by arbitrary string/string pairs (attributes/values).

Wrong, attribute/values are not string/string pairs.

> I think
> that a schema is a map of the attributes that may (or must) exist on
> a given type of object.

In part, yes. Attributes themselves also have schema, including data type and if they are single valued. Attribute schema can actually be quite "smart" (see "component matching")

> When I say that "these values are not populated by default," I mean
> that the attributes required by the groupOfNames schema (namely
> 'member') are not present by default on LDAP groups in OpenLDAP.

I still have no idea what "not present by default on LDAP groups in OpenLDAP" means. They are there if they are there, and not if they aren't.

> That
> is, if I ask an OpenLDAP posixGroup for 'member', I will not get back
> a multi-valued attribute called 'member' that contains a list of the
> DNs of its members.

No, you will get back a set of uids. But posixGroup isn't groupOfNames, so I don't know why you are bothering to compare these two things.

> When I look for groupOfNames in (on FreeBSD) /usr/local/etc/openldap/
> schema, I see a definition in core.schema that looks like this:
> objectclass ( 2.5.6.9 NAME 'groupOfNames'
>     DESC 'RFC2256: a group of names (DNs)'
>     SUP top STRUCTURAL
>     MUST ( member $ cn )
>     MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
>     description ) )

Yep; and it doesn't matter where you look at groupOfNames, this is standard schema. It is the same everywhere.

> Does this class mean anything other than what it says here?

No.

> Since my
> response that "these attributes aren't populated by default" doesn't
> make sense to you, does that mean that LDAP provides significantly
> more than arbitrary string/string pairs for its objects?

Yes.

> Does a given
> 'schema' (if I'm even using the word correctly) have 'smarts' that
> allows it to interact more complicatedly than just storing a bunch of
> strings?

Yes. And don't forget about overlays; they can make a lot of things automatic.

> Do I have a whole lot more reading to do? :)

Yes.
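
The posixGroup/groupOfNames difference discussed in this message, as an added example that is not part of the original thread: a posixGroup lists its members as uids in `memberUid`, while groupOfNames requires DNs in `member`, so this script builds groupOfNames LDIF from posixGroup data. The directory layout, DNs and sample entries are constructed assumptions.

```python
# Added example: build groupOfNames entries (member = DNs) from posixGroup
# entries (memberUid = uids). All entries below are constructed sample data.

USERS = {  # uid -> DN, as a search for the user entries might return
    "alice": "uid=alice,ou=people,dc=example,dc=com",
    "bob": "uid=bob,ou=people,dc=example,dc=com",
}

POSIX_GROUPS = [
    {"cn": "staff", "memberUid": ["alice", "bob", "ghost"]},
    {"cn": "empty", "memberUid": []},
]

GROUP_BASE = "ou=groupofnames,dc=example,dc=com"  # assumed separate container


def to_group_of_names(group, users, base=GROUP_BASE):
    """Return (ldif_text or None, unresolved_uids) for one posixGroup.

    cn values are assumed to need no DN escaping (true for the sample data).
    """
    members, unresolved = [], []
    for uid in group.get("memberUid", []):
        dn = users.get(uid)
        if dn is None:
            unresolved.append(uid)   # uid with no matching user entry
        elif dn not in members:
            members.append(dn)       # keep 'member' values unique
    if not members:
        # groupOfNames has MUST ( member $ cn ): without at least one
        # member value the entry would violate the schema, so skip it.
        return None, unresolved
    lines = [
        f"dn: cn={group['cn']},{base}",
        "objectClass: groupOfNames",
        f"cn: {group['cn']}",
    ]
    lines += [f"member: {dn}" for dn in members]
    return "\n".join(lines) + "\n", unresolved


if __name__ == "__main__":
    for g in POSIX_GROUPS:
        ldif, missing = to_group_of_names(g, USERS)
        print(ldif if ldif else f"# skipped {g['cn']}: no resolvable members")
        if missing:
            print(f"# unresolved uids in {g['cn']}: {missing}")
```
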