[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf attribute

To: openldap software <openldap-software@OpenLDAP.org>
Subject: Re: memberOf attribute
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 15 Nov 2001 19:45:16 +0100
Organization: stroeder.com
References: <A9601C3D40FBD3119E8000508BA5543601DB4420@f5-exchange1.win.net> <3BF40659.FBE0BE15@aero.polimi.it>

Pierangelo Masarati wrote:
> 
> > Jeff Costlow wrote:
> >
> > I think I've seen the "memberOf "attribute in both ADS and iPlanet.
> > It appears to be the converse of "member", and I believe it gets
> > updated when you add a member to a group.
> >
> > Are there plans to add this sort of functionality into OpenLDAP?
> 
> I don't think so. It seems that the philosophy of LDAP (and of OpenLDAP)
> is not to muck with data, that is the server will hold any information
> you send in, but it will not change it nor check its consistency
> besides syntax and schema.  What you're talking about should better
> be done by a wise client.

I would also not recommend to implement this at the client-side.
Changing group membership would require modifying two entries which
would have to be encapsulated in a transaction at the client's side.
Not to speak of concurrent access of misbehaving clients rewriting
old attributes and such.

Not sure how MS AD implements it. Probably not through LDAP I guess.

Ciao, Michael.

Follow-Ups:
- Re: memberOf attribute
  - From: Adam Tauno Williams <adam@morrison-ind.com>
- Re: memberOf attribute
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

References:
- memberOf attribute
  - From: Jeff Costlow <j.costlow@f5.com>
- Re: memberOf attribute
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: Re: memberOf attribute
Next by Date: Re: memberOf attribute
Index(es):
- Chronological
- Thread