Re: slow adds of member attribute in large groups

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Monday, October 06, 2003 1:17 PM -0600 Alan Sparks 
<asparks@doublesparks.net> wrote:

> Dynamic groups are something I've been dreaming about for some time (says
> a lot about my life...).  Is there any available documentation describing
> the implementation of such in OpenLDAP 2.2?
> -Alan

There is documentation in slapd.access on how to set up the ACL rules for a 
dynamic group... I can provide you an example here of what I've done for 
our testing purposes.

I created an ACL for a dynamic group called 
"cn=itss,cn=applications,dc=stanford,dc=edu"

The ACL looks like this:

by 
group/groupofurls/memberurl.base="cn=itss,cn=applications,dc=stanford,dc=ed
u"

The cn=itss LDIF entry looks like this:

dn: cn=itss,cn=Applications,dc=stanford,dc=edu
objectClass: groupOfURLs
cn:itss
memberURL: ldap:///cn=accounts,dc=stanford,dc=edu??sub?sukrb4name=cadabra


(Cadabra is my test account)

In slapd.conf, you'll want to include:
dyngroup.schema

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html