Grouper Users - Open Discussion List

["Klug, Lawrence" <>]

Okay, that's clear enough.  The original problem happened during LDAP 
provisioning caused by a name conflict with a system attribute "isMemberOf" 
in Sun Directory.  

--Larry

-----Original Message-----
From: Cantor, Scott 
[mailto:]
 
Sent: Friday, June 08, 2012 1:54 PM
To: Klug, Lawrence; Keith Hazelton; 

Cc: mace-dir
Subject: Re: [MACE-Dir] RE: [grouper-users] eduMember objectclass definition

On 6/8/12 1:47 PM, "Klug, Lawrence" 
<>
 wrote:
>
>I have a possible naïve response to your initial question.  Are OIDs 
>typically used in LDAP schema for identifiers?

AFAIK, all LDAP deals with in protocol terms is OIDs.

>  I've seen them used in Shibboleth configuration files, and that makes 
>sense since Shibboleth typically traverses federations.

That isn't why, that only requires unique names. We adopted OIDs, with my 
prodding, because LDAP and X.500 attributes are defined only by OID and 90% 
of what we do is pass around such attributes.

Using them is unambiguous in connecting the use of LDAP-defined attributes to 
a SAML construct, and makes everybody equally unhappy, which seems to be the 
only way to resolve a naming argument in a finite period of time.

FWIW, I agree with Keith's point.

-- Scott