[Freeipa-devel] multi-valued cn in groups and memberOf?
Pete Rowley
prowley at redhat.com
Wed Nov 14 19:00:25 UTC 2007
Rob Crittenden wrote:
> Pete.
>
> If we have a group with a multi-valued CN how does memberOf deal with
> that?
>
> Does it create a separate memberOf for each one? Or does it use only
> the "first" CN, whatever that means?
>
> So if I have cn=doctors,cn=quacks,cn=groups,...
>
> And a member: uid=spock,cn=accounts,...
>
> If I do a memberOf what will I get back? That spock is a member of
> doctors, or quacks or both?
>
> This has implications on doing RDN changes. If we drop a CN I need to
> know what to expect when it comes to group membership. The
> uniquemembers field will be the same, of course, but what about memberOf?
memberof uses the dn, it doesn't care about anything else. If you drop a
cn that is part of the rdn then a) you have performed a mod dn op, and
b) the referential integrity plugin will take care of the change in
uniquemember and c) the memberof plugin will take care of it in memberof.
--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071114/cf73ea82/attachment.bin>
More information about the Freeipa-devel
mailing list