Hallvard B Furuseth wrote:

ando@OpenLDAP.org writes:

...

memberof.c NONE -> 1.1

Your 'memberOf' attribute definition says { "( 1.2.840.113556.1.2.102 " (...) "EQUALITY distinguishedNameMatch " /* added */ "USAGE directoryOperation " /* questioned */ /* "NO-USER-MODIFICATION " */ "X-ORIGIN 'iPlanet Delegated Administrator' )", Why iPlanet? 1.2.840.113556 is Microsoft.

I've found that string on the 'net.

What happens if some of Microsoft's schema has already been imported?

Right now it complains and bails out. This needs to be "refined", of course. OTOH that attribute, with the above definition, cannot be loaded from file, so it has to be defined internally somehow (dsaschema?).

I didn't find it at microsoft's site, but I found an old one (which I have not tested) at http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/schema/Attic/microsof...

That's pretty unusable, since it starts by redefining objectClass "top" according to AD's requirements, so I wouldn't worry about it. That's probably the weakest part of my work. The "right" solution, if no one has a better idea, is to define our own "is member of" attribute. I think Kurt, at some point while discussion this topic ages ago, came out with an alternative definition, but I couldn't find that message (if I remember it right at all).

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------