I have a question about the "member" attribute for groups.

According to the documentation of Active Directory, this attribute can
contain "user, group, and contact objects" -

In RFC 4519, this attribute contains "distinguished names of objects",
objects aren't typed - https://tools.ietf.org/html/rfc4519#page-11

In documentation of eDirectory, "a Group object represents a set of User
objects" - http://tinyurl.com/k3h2tuh

Also, if we put a DN of a group in the member attribute of another
group, that is a violation of group definition in eDirectory, correct?

This question is about synchronization between an eDirectory and an
Active Directory.


lgallet's Profile: https://forums.netiq.com/member.php?userid=5343
View this thread: https://forums.netiq.com/showthread.php?t=52796