--On Monday, January 3, 2022 6:14 PM +0100 Michael Ströder
<[email protected]> wrote:
On 1/3/22 18:03, Quanah Gibson-Mount wrote:
In general, "memberUID" is for use with posix groups (NOT LDAP groups).
But again, it's generally deficient since it cannot discern between two
different entries with the same UID. I.e.:
dn: uid=joe,ou=employees,dc=example,dc=com
uid: joe
dn: uid=joe,ou=students,dc=example,dc=com
uid: joe
But slapo-unique could be used to enforce uniqueness of 'uid' attribute.
It could, but it still doesn't fix the fact that *LDAP* groups are made up
of DNs, not random attribute:value pairs.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
