Michael Ströder wrote:
Pierangelo Masarati wrote:
> Michael Ströder wrote:
>
>>> Yes, slapo-memberof(5) does not consider the possibility of a subtree
>>> rename, and thus takes no care of it.
>> Would deploying slapo-refint be of help here?
>
> Could be. Did you try, by chance?
Hmm, does not work for me. Not sure about current state of HEAD and
order of my overlay config. I also wonder about parameter memberof-refint.
Ciao, Michael.
------------------- snip -------------------
Excerpt of slapd.conf:
overlay memberof
memberof-refint true
# Referential integrity checking
overlay refint
refint_attributes member manager owner seeAlso roleOccupant
refint_nothing cn=dummy
Probably you should have also listed "memberOf" among the refint attrs;
however, that attr is operational, so it might be that slapo-refint does
not set the appropriate flags to workaround no-user-mod attrs.
I'll give it a spin as well. In principle, referential integrity should
be delegated to slapo-refint, but I fear slapo-memberof will need to
reinvent the wheel...
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------