lists.arthurdejong.org

Re: Why use uniqueMember instead of member?


On Fri, 2011-04-01 at 13:37 +0200, Matthijs Kooijman wrote:
> If the extra identifier is not used, why is uniqueMember used in the
> first place? Why not just use "member" [5], which is defined to just
> contain a dn?

nss-pam-ldapd uses the uniqueMember attribute by default mostly because
PADL's nss_ldap does (after all it started as a fork from nss_ldap and
was meant to be mostly a drop-in replacement). I think uniqueMember was
mentioned in earlier versions of Internet Draft
draft-howard-rfc2307bis-??.txt.

Perhaps switching to member instead of uniqueMember can be done for the
0.8 series of nss-pam-ldapd. The last (now also expired) version of the
mentioned Internet Draft also switches to the member attribute.

I personally don't use uniqueMember or member (except for some tests)
because it introduces an extra LDAP lookup for each group member and
also for reverse lookups but I would be interested to hear from anyone
who does use it.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --