On 6/6/22 18:09, Quanah Gibson-Mount wrote:
--On Monday, June 6, 2022 7:06 PM +0200 Michael Ströder michael@stroeder.com wrote:
On 6/6/22 17:35, Quanah Gibson-Mount wrote:
--On Monday, June 6, 2022 5:19 PM +0200 Michael Ströder michael@stroeder.com wrote:
Like it or not, for strictly matching POSIX group names you *must* distinguish these values no matter what the LDAP matching rule says:
memberOf: cn=Foo,ou=1,dc=example,dc=com
memberOf: cn=foo,ou=2,dc=example,dc=com
This is your personal interpretation based on focusing on the DN matching rule.
That is not an "interpretation". Those are literally two completely different entries as they exist in entirely different namespaces. The first is in ou=1, the second is in ou=2.
Welcome to the wonderful world of heterogeneous systems integration. Your LDAP server is not the only system. And matching entries during a search and returning values are two different things.
Ciao, Michael.
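
The distinction argued in this thread, shown as an added example that is not part of any poster's message: a consumer that derives POSIX group names from `memberOf` values can flag names that differ only by case before they reach a case-sensitive system. The function names, the third sample value, and the assumption that the group name is the leading `cn` RDN are illustrative and not taken from the thread.

```python
from collections import defaultdict

def first_rdn_value(dn):
    """Return (attr, value) of the leading RDN of a DN string.

    Assumption: single-valued RDNs and single-character backslash
    escapes only (no hex-pair escapes, no '+' multi-valued RDNs).
    """
    out, i = [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            out.append(dn[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == ",":               # unescaped comma ends the first RDN
            break
        out.append(ch)
        i += 1
    attr, _, value = "".join(out).partition("=")
    return attr.strip().lower(), value.strip()

def posix_names(member_of_values):
    """Group names exactly as returned, compared case-sensitively."""
    return {v for a, v in map(first_rdn_value, member_of_values) if a == "cn"}

def group_name_collisions(member_of_values):
    """Names that an ignore-case comparison would merge into one.

    Returns {casefolded name: sorted [(name as returned, DN), ...]}.
    """
    by_folded = defaultdict(set)
    for dn in member_of_values:
        attr, value = first_rdn_value(dn)
        if attr == "cn":
            by_folded[value.casefold()].add((value, dn))
    return {k: sorted(v) for k, v in by_folded.items() if len(v) > 1}

# First two values are the ones quoted in the thread; the third is constructed.
SAMPLE = [
    "cn=Foo,ou=1,dc=example,dc=com",
    "cn=foo,ou=2,dc=example,dc=com",
    "cn=ops,ou=1,dc=example,dc=com",
]

if __name__ == "__main__":
    print(sorted(posix_names(SAMPLE)))
    for folded, hits in group_name_collisions(SAMPLE).items():
        print(folded, hits)
```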