--On Friday, July 21, 2017 10:53 AM -0400 Douglas Duckworth dod2014@med.cornell.edu wrote:
limits group/posixGroup/memberUid="cn=admins,ou=group,dc=server,dc=domain" size=unlimited time=unlimited
Though I am still hitting the limit.
Hi Douglas,
It would probably be worthwhile to dig into LDAP schema to understand attribute definitions, matching rules, etc.
To start, memberUid is a string type. It's not a DN type:
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
As opposed to member, which is specifically a DN type:
attributetype: ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName )
attributetype: ( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com