grouper-users - RE: [grouper-users] eduMember objectclass definition
Subject: Grouper Users - Open Discussion List
List archive
- From: "Klug, Lawrence" <>
- To: Keith Hazelton <>, "" <>
- Cc: mace-dir <>
- Subject: RE: [grouper-users] eduMember objectclass definition
- Date: Wed, 6 Jun 2012 20:03:44 +0000
- Accept-language: en-US
Keith,
Thanks for the response. Your comments make sense to me -- let's see what
the LDAP admin thinks about it.
Cheers,
Lawrence
-----Original Message-----
From: Keith Hazelton
[mailto:]
Sent: Tuesday, June 05, 2012 12:11 PM
To: Klug, Lawrence;
Cc: mace-dir
Subject: Re: [grouper-users] eduMember objectclass definition
Lawrence,
Sometimes coincidence is spooky. I just had an exchange of emails with Tom
Zeller about this issue earlier today, and it was the first time I had
thought about it in a long time.
We could revive that draft, which is still on the shelf, though a little
dusty. There are counter-arguments having to do with the need to support both
eduIsMemberOf and isMemberOf, and distinguish them with different OIDs. I'd
like to see a little discussion on the Grouper and MACE-Dir mailing lists
before going ahead.
One perhaps naive starter question from me: Since the isMemberOf attribute
has a unique OID, 1.3.6.1.4.1.5923.1.5.1.1, does it really matter what name
you associate with it in your LDAP schema? I believe that you could give it a
custom name in your directory, and as long as the OID is as above, nothing
bad happens. If you are expressing group memberships in federated contexts,
then there is a SAML profile for how to do this. Again, no impact on your
internal directory schema. Am I missing something?
--Keith
-----
On the eduMember object class and the isMemberOf and hasMember attributes,
see:
http://middleware.internet2.edu/dir/docs/internet2-mace-dir-ldap-group-membership-200507.html
and
http://middleware.internet2.edu/dir/docs/internet2-mace-dir-group-membership-200507.html
______________
On 06/05/12, "Klug, Lawrence" wrote:
>
>
>
>
> Hi,
>
>
>
> We recently upgraded to OUD for our enterprise directory. Unfortunately,
> the eduMember attribute isMemberOf has name conflict with a system
> attribute name. Our workaround has been a custom objectclass.
>
>
>
> I’m wondering if others in the community have faced this issue and
> what solutions they have used.
>
> There was a new draft on eduMember some time ago where this issue is
> addressed.
>
> isMemberOf changes name to eduIsMemberOf and hasMember changes name to
> eduHasMember.
>
> https://spaces.internet2.edu/download/attachments/2309/eduMember-201108-draft-00.html
>
> Has this been finalized?
>
>
>
> Thanks,
>
>
>
> Lawrence Klug
>
> IMS Platform Development
>
> 310 825-2061
>
> ext 52061
- [grouper-users] eduMember objectclass definition, Klug, Lawrence, 06/05/2012
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: [grouper-users] eduMember objectclass definition, Keith Hazelton, 06/05/2012
- RE: [grouper-users] eduMember objectclass definition, Klug, Lawrence, 06/06/2012
- RE: [grouper-users] eduMember objectclass definition, Klug, Lawrence, 06/08/2012
- Message not available
- RE: [MACE-Dir] RE: [grouper-users] eduMember objectclass definition, Klug, Lawrence, 06/11/2012
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
Archive powered by MHonArc 2.6.16.