Re: LDAP and netgroup.byhost / netgroup.byuser

From: prg (rdgentry1_at_cablelynx.com)
Date: 12/21/04 

Date: 20 Dec 2004 19:22:50 -0800

Kevin Collins wrote:
> In article <slrncseapd.jal.spamtotrash@halo.unix-guy.com>, Kevin
Collins wrote:
[snip]
>
> Following-up myself again :) I decided to just try modifying the
schema and
> restart slapd. It is now working as expected, both with and without
escaping of
> parenthesis. I added EQUALITY and SUBSTR entries "borrowed" from
> memberNisNetgroup and now have:
>
> attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
> DESC 'Netgroup triple'
> EQUALITY caseExactIA5Match
> SUBSTR caseExactIA5SubstringsMatch
> SYNTAX 1.3.6.1.1.1.0.0 )
>
> Anyone know if that is a "correct" thing to do?
>
> Thanks,
>
> Kevin

I don't know if it's "correct" but I was just getting prepared to
suggest trying something like this via an auxiliary object of some
sort.

Turns out this attribute type is rather unique -- especially the syntax
oid. There is no oid "decsended" below it or near it. OID
"corruption" is the only thing I can think of offhand, so you may want
to run it by someone on the OpenLDAP list that's more familiar with the
technicalities. BTW, while looking at this attribute I noted quite a
few others without stated matching rules -- something else to look into
;-)

I asssume you just changed the definition in your files. Could there
be a way to "extend" the original object cleanly so you can readily add
this "feature" to any server? My instinct says that is the "correct"
way, but I'm not sure how you go about it.

At any rate, you have something to work with now and can make sure
everything works as you need it to. And just in time for the holidays
:-)

Good cheer,
prg
email above disabled