[email protected] wrote: > Thanks Michael for that idea. But that would mean to assign that new group to > every entry that has 2 structural objectclasses today, wouldn't it?
New objectclass, not new group. > So it would require me to change the upstream data e.g. replace posixGroup by > aeGroup and remove groupOfURLs No need to remove groupOfURLs. > (to stick with your example) and the application as there's applications to > search for e.g. > &(objectclass=posixGroup)(objectclass=groupOfURLs). No need to change applications, since the new objectclass would satisfy both of those filters. > And I would need to fix future entries on the fly (rwm module in > replication??) > > Guess that won't work out, possibly still easier to work around this in the > source code. > Any opinions on that from people to know the source better than I do ? > > Best regards > Markus > >> -----Original Message----- >> From: Michael Ströder <[email protected]> >> Sent: Thursday, January 9, 2020 9:56 AM >> To: Storm, Markus <[email protected]>; openldap- >> [email protected] >> Subject: Re: structural objectclass checking >> >> On 1/8/20 7:07 PM, Quanah Gibson-Mount wrote: >>> --On Wednesday, January 8, 2020 3:25 PM +0000 >>> [email protected] >>> wrote: >>> >>>> is there a way to disable OpenLDAP checking entries for existence of >>>> STRUCTURAL objectclasses? >>> >>> No. This is a hard requirement. The best option would be to fix the >>> bad data in your upstream system. >> >> One possibility to fix this: >> Define a new STRUCTURAL object class derived from different other >> STRUCTURAL object classes. >> >> E.g. in Æ-DIR I'm using this to provide hybrid posixGroup entries serving RFC >> 2307 and RFC 2307bis groups: >> >> ( 1.3.6.1.4.1.5427.1.389.100.6.1 >> NAME 'aeGroup' >> DESC 'AE-DIR: Group entry' >> SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject ) >> STRUCTURAL >> MUST description >> MAY ( aeMemberZone $ aeDept $ aeLocation ) ) >> >> This works because unlike other LDAP directory servers OpenLDAP supports >> multiple class inheritance. >> >> Ciao, Michael. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
