Re: Searching LDAP for group members, and listing their (complete) entries

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 01:54 PM 10/3/00 -0700, Rudolf Nottrott, NCEAS wrote:
>I would like to be able to set up a group like in the example "test1"
>below, then find everybody in group test1, and finally show all their names
>and data.  I'm guessing this could be done either in an LDAP client or the
>LDAP server, but I'm not at all sure. 

The LDAP model is for the client to fetch the group entry and, if
desires to, obtain the listed members.

>Would somebody please tell me whether this kind of capability is inherent
>within the LDAP scheme, and if so
>- whether my LDIF entries below are the right approach to do this;

Seems okay to me.

>- whether there are clients that would allow a search for group test1, with
>the client returning a list of two members, i.e. Peter Gordon and Fred
>Smith, with an option of retrieving other information from their entries
>(e.g. mail),
>if so, can you name a client(s) capable of doing this;

Folks on the perldap list were chatting about such a client
today... I'm sure there are many others...  you can easily
write your own...  It's just a matter of issuing a few
search requests...

>- or whether this is something typically done on a server.

Not typically.... (in fact, I'm not aware of any LDAP extension
to support such).

>Is what I'm asking too much like what relational databases usually do,

 From the server, yes.

>rather than what LDAP is designed for?  It's still pretty simple, isn't it?

A lot of things seem pretty simple if you think only in the
context of a single client/server system... but LDAP provides
access to a global directory... the server providing the group
entry may have zero ability to obtain members on behalf of the
client.

Kurt