12 Aug
2015
12 Aug
'15
7:54 a.m.
On Fri, Aug 07, 2015 at 01:46:42AM +0500, Aneela Saleem wrote:
So which objectClass best suits for this situation?
If you want to have groups that are easy to adminster and are capable of being empty then you should consider groupOfEntries. A quick scan through the Apache Ranger docs suggests that you can configure the group class and group search so this may well work. You will need to add the groupOfEntries class to your LDAP server schema as it is not likely to be there by default.
On Fri, Aug 7, 2015 at 1:42 AM, Michael Ströder michael@stroeder.com wrote:
Or rather ietf-ldapext *WG* should make progress with draft-findlay-ldap-groupofentries... ;-)
You can use the class defined in that draft even if IETF don't officially endorse it. Copy attached to this message.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------