[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slow adds of member attribute in large groups





--On Monday, October 06, 2003 1:17 PM -0600 Alan Sparks <asparks@doublesparks.net> wrote:

Dynamic groups are something I've been dreaming about for some time (says
a lot about my life...).  Is there any available documentation describing
the implementation of such in OpenLDAP 2.2?
-Alan

There is documentation in slapd.access on how to set up the ACL rules for a dynamic group... I can provide you an example here of what I've done for our testing purposes.


I created an ACL for a dynamic group called "cn=itss,cn=applications,dc=stanford,dc=edu"

The ACL looks like this:

by group/groupofurls/memberurl.base="cn=itss,cn=applications,dc=stanford,dc=ed
u"


The cn=itss LDIF entry looks like this:

dn: cn=itss,cn=Applications,dc=stanford,dc=edu
objectClass: groupOfURLs
cn:itss
memberURL: ldap:///cn=accounts,dc=stanford,dc=edu??sub?sukrb4name=cadabra


(Cadabra is my test account)

In slapd.conf, you'll want to include:
dyngroup.schema

--Quanah


-- Quanah Gibson-Mount Principal Software Developer ITSS/TSS/Computing Systems ITSS/TSS/Infrastructure Operations Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html