RSS feed

Re: Why use uniqueMember instead of member?

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Why use uniqueMember instead of member?

On Fri, 2011-04-01 at 13:37 +0200, Matthijs Kooijman wrote:
> If the extra identifier is not used, why is uniqueMember used in the
> first place? Why not just use "member" [5], which is defined to just
> contain a dn?

nss-pam-ldapd uses the uniqueMember attribute by default mostly because
PADL's nss_ldap does (after all it started as a fork from nss_ldap and
was meant to be mostly a drop-in replacement). I think uniqueMember was
mentioned in earlier versions of Internet Draft

Perhaps switching to member instead of uniqueMember can be done for the
0.8 series of nss-pam-ldapd. The last (now also expired) version of the
mentioned Internet Draft also switches to the member attribute.

I personally don't use uniqueMember or member (except for some tests)
because it introduces an extra LDAP lookup for each group member and
also for reverse lookups but I would be interested to head from anyone
who does use it.

-- arthur - - --
To unsubscribe send an email to or see