[Date Prev][Date Next] [Chronological] [Thread] [Top]

Member-of plugin support for nested membership



Hi,

While discussing the possibility of using openldap in place of 389
directory in the FreeIPA project [1] the following technical detail was
mentioned. 

[1]: https://www.redhat.com/archives/freeipa-devel/2009-July/msg00333.html

According to the memberof overlay man page:

  The memberof overlay to slapd(8) allows automatic reverse group member‐
  ship maintenance.  Any time a group entry is modified, its members  are
  modified  as  appropriate  in  order to keep a DN-valued "is member of"
  attribute updated with the DN of the group.

Does the memberOf overlay deal with nested membership? Or is it
strictly a 1:1 relationship (forward pointer, reverse pointer)?

The 389 memberOf plug-in maintains reverse pointers for inherited
membership which IPA takes advantage of.

-- 
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com