
grouper-users - RE: [MACE-Dir] RE: [grouper-users] eduMember objectclass definition

Subject: Grouper Users - Open Discussion List

  • From: "Klug, Lawrence"
  • To: "Cantor, Scott", Keith Hazelton
  • Cc: mace-dir
  • Subject: RE: [MACE-Dir] RE: [grouper-users] eduMember objectclass definition
  • Date: Mon, 11 Jun 2012 22:35:23 +0000
  • Accept-language: en-US

Okay, that's clear enough. The original problem happened during LDAP
provisioning caused by a name conflict with a system attribute "isMemberOf"
in Sun Directory.

--Larry

-----Original Message-----
From: Cantor, Scott
Sent: Friday, June 08, 2012 1:54 PM
To: Klug, Lawrence; Keith Hazelton
Cc: mace-dir
Subject: Re: [MACE-Dir] RE: [grouper-users] eduMember objectclass definition

On 6/8/12 1:47 PM, "Klug, Lawrence" wrote:
>
>I have a possible naïve response to your initial question. Are OIDs
>typically used in LDAP schema for identifiers?

AFAIK, all LDAP deals with in protocol terms is OIDs.

> I've seen them used in Shibboleth configuration files, and that makes
>sense since Shibboleth typically traverses federations.

That isn't why, that only requires unique names. We adopted OIDs, with my
prodding, because LDAP and X.500 attributes are defined only by OID and 90%
of what we do is pass around such attributes.

Using them is unambiguous in connecting the use of LDAP-defined attributes to
a SAML construct, and makes everybody equally unhappy, which seems to be the
only way to resolve a naming argument in a finite period of time.

FWIW, I agree with Keith's point.

-- Scott



