Andrew Bartlett wrote:
> When I add an invalid member to a group, OpenLDAP returns
> LDAP_CONSTRAINT_VIOLATION <adding non-existing object as group member>,
> but AD returns error 32, LDAP_NO_SUCH_OBJECT for this situation.

Hmm, this is a result of a modify operation for which an additional
constraint is enforced. So I think the error code returned by OpenLDAP
is correct. Because the entry to be modified really exists it would be
wrong to return LDAP_NO_SUCH_OBJECT.

> Would it be reasonable to change this, or could it be made
> configurable?

I'd even recommend not to enable this by configuration.

> (it might be nobody ever looks at
> this, but I don't like to make that assumption).

I'm nitpicking here because my web2ldap has a special exception handler
for dealing with LDAP_NO_SUCH_OBJECT (automagically look up SRV RR for
dc-style DNs etc).

Ciao, Michael.