Michael Ströder wrote:
Pierangelo Masarati wrote:
Michael Ströder wrote:
Yes, slapo-memberof(5) does not consider the possibility of a subtree rename, and thus takes no care of it.
Would deploying slapo-refint be of help here?
Could be. Did you try, by chance?
Hmm, does not work for me. Not sure about current state of HEAD and order of my overlay config. I also wonder about parameter memberof-refint.
Ciao, Michael.
------------------- snip ------------------- Excerpt of slapd.conf:
overlay memberof memberof-refint true
# Referential integrity checking overlay refint refint_attributes member manager owner seeAlso roleOccupant refint_nothing cn=dummy
Probably you should have also listed "memberOf" among the refint attrs; however, that attr is operational, so it might be that slapo-refint does not set the appropriate flags to workaround no-user-mod attrs.
I'll give it a spin as well. In principle, referential integrity should be delegated to slapo-refint, but I fear slapo-memberof will need to reinvent the wheel...
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------