On 2015-11-20 08:26, Michael Ströder wrote:
M. P. wrote:
> I'm not sure I understand "user modification requests" well. By user, do you
> mean the person who manipulates the directory or an object of "type" user?
This term is used for normal LDAP modify requests coming from an LDAP client
external to slapd.
It's clear now
> If I have memberof overlay activated and it changes the uid's memberof
> attribute, isn't it a user modification request (by memberof overlay)?
Every modification done by an overlay is internal.
It's clear too
> I've tested refint another way. I removed the user (identified by uid) from
> the directory.
> When the user is deleted, refint_nothing works and replaces the last member
> with the placeholder (I also have some debug information in logs). I thought
> that refint_nothing would also work when a modification is done on one of
> refint attributes.
In this case slapo-refint's own modification is internal and therefore
refint_nothing applies. But it does apply when the modification comes from an
external LDAP client.
Isn't there a "not" missing in the last sentence?
Thinking about the empty-groupOfNames-problem some more, I am considering defining a
cn=dummy value to be always present in groupOfNames entries and applying
val-based ACLs to make it invisible and unremovable for normal clients (even
the ones maintaining the groups).
Yep, I thought about some trick like this. I thought also about the
modification of the groupOfNames objectClass but this one does not have
the preference of my manager :)
I now have to find out how to automatically add a user to a group. ;)
Ciao, Michael.
Thanks for the clarifications.
--
------------
M. P.