Re: memberOf attribute: part of LDAP v3 standard ?
Right.

You could add objectClass groupOfNames (defined in core.schema) to your
inetOrgPerson definition to pick up the "member" attribute:

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixaccount
objectClass: shadowaccount
objectClass: groupOfNames
uid: reitsma
cn: Charlie Reitsma
givenName: Charlie
sn: Reitsma
mail: reitsmac@airius.com
uidNumber: 1000
gidNumber: 10
homeDirectory: /export/home/reitsma
loginShell: /bin/tcsh
member: cn=sysadmin,ou=groups,dc=airius,dc=com
member: cn=staff,ou=groups,dc=airius,dc=com

It's up to you to keep it in sync with any groups defined in
ou=groups,dc=airius,dc=com if that is needed. If you want to list the groups
an individual is a member of without populating a member attribute then there
is an algorithm published in the appendix of "Draft Best Practices for
Directory Groups" found at http://middleware.internet2.edu/dir/groups/

Yves Robin wrote:
>
> So:
>
> 1) memberOf attribute is not part of the basic LDAP v3 schema,
> 2) but if memberOf attribute is in an LDAP server schema, then
> ldapsearching that server for entities with attribute list including
> memberOf is correct
> and should return associated value(s).
>
> Right ?
>
> Yves
>
> -----Original Message-----
> From: Adam Williams [mailto:awilliam@whitemice.org]
> Sent: Tuesday, April 30, 2002 1:13 PM
> To: Yves Robin
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: memberOf attribute: part of LDAP v3 standard ?
>
> >It seems that, depending on the LDAP server (openldap, Active Directory,
> >Netscape, ...), an ldapsearch query can (or not) return the memberOf
> >attribute, as part of the list of returned attributes.
>
> >Is this attribute part of LDAP v3 standard or not?
>
> Well sort of, if the attribute is defined in someone's schema with a
> valid OID. But the behavior you describe I'm pretty certain isn't.
>
> >Should all LDAP servers support such a computed-on-the-fly attribute?
>
> No.
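
Added example, not part of the original thread and not the algorithm from the Internet2 draft cited above: a reverse lookup over group entries that lists a person's groups without any stored membership attribute, then reports where the copy kept on the person entry has drifted from the groups. The person's DN, the cn=backup group and all member values are constructed assumptions; the DN comparison is deliberately simplified.

```python
# Constructed sample data standing in for search results; not a real directory.
# Assumption: the person's DN, which the thread never shows.
USER_DN = "uid=reitsma,ou=people,dc=airius,dc=com"
G = ",ou=groups,dc=airius,dc=com"
DIRECTORY = [  # (dn, attributes) pairs
    ("cn=sysadmin" + G, {"objectClass": ["groupOfNames"], "member": [USER_DN]}),
    ("cn=staff" + G, {"objectClass": ["groupOfNames"],
                      "member": ["uid=other,ou=people,dc=airius,dc=com"]}),
    # Hypothetical group; same person written with different case and spacing.
    ("cn=backup" + G, {"objectClass": ["groupOfNames"],
                       "member": ["UID=Reitsma, ou=People, dc=airius, dc=com"]}),
    (USER_DN, {"objectClass": ["inetOrgPerson", "groupOfNames"],
               "member": ["cn=sysadmin" + G, "cn=staff" + G]}),
]

def norm_dn(dn):
    """Simplified comparison key: lower-case, no spaces around commas.
    Does not handle escaped commas or multi-valued RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def escape_filter_value(value):
    """Escape a value before placing it in a search filter (RFC 4515)."""
    out = value.replace("\\", "\\5c")  # backslash first, so escapes stay intact
    for ch, esc in (("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\x00", "\\00")):
        out = out.replace(ch, esc)
    return out

def group_filter(user_dn):
    """Filter a client would send to list the groups that name user_dn."""
    return "(&(objectClass=groupOfNames)(member=%s))" % escape_filter_value(user_dn)

def groups_of(directory, user_dn):
    """Reverse lookup: groupOfNames entries whose member list names user_dn."""
    key = norm_dn(user_dn)
    return {norm_dn(dn) for dn, attrs in directory
            if "groupOfNames" in attrs.get("objectClass", [])
            and key in {norm_dn(m) for m in attrs.get("member", [])}}

def membership_drift(directory, user_dn):
    """Return (stale, missing): values stored on the person entry that no
    group confirms, and groups naming the person that the entry lacks."""
    entry = next(a for dn, a in directory if norm_dn(dn) == norm_dn(user_dn))
    stored = {norm_dn(m) for m in entry.get("member", [])}
    actual = groups_of(directory, user_dn)
    return sorted(stored - actual), sorted(actual - stored)
```

A stale value matters when an application authorizes from the person entry's copy: the person keeps access that the group entry no longer grants.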