Grouper Users - Open Discussion List

[Peter Schober <>]

* Imholz, John J. 
<>
 [2011-03-25 14:16]:
> We'd like to start publishing (not with NG yet) to LDAP groups.  We
> use OpenLDAP which by default requires one "member" in a
> groupOfNames.
> 
> Since I think we'd like to use "hasMember" what are our options?
> Edit the objectClass  groupOfNames?  (from MUST to MAY  "member")
> Is there another alternative? or is that what most people do?

groupOfNames with member is a standard object class. There is no gain
in adding (or changing) "member" to "hasMember". Also, changing "MUST
member" to MAY is nonstandard and may break with updates etc. (though
many certainly wished it had been defined that way, since now you'll
have to work around this in code, i.e. delay group creation until the
first member is added; alternatively always add some default member,
e.g. the rootdn, to every group to satisfy the MUST criteria).

What are the funktional requirements for any of the desired changes?
-peter