[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Member-of plugin support for nested membership
Hi,
While discussing the possibility of using openldap in place of 389
directory in the FreeIPA project [1] the following technical detail was
mentioned.
[1]: https://www.redhat.com/archives/freeipa-devel/2009-July/msg00333.html
According to the memberof overlay man page:
The memberof overlay to slapd(8) allows automatic reverse group member‐
ship maintenance. Any time a group entry is modified, its members are
modified as appropriate in order to keep a DN-valued "is member of"
attribute updated with the DN of the group.
Does the memberOf overlay deal with nested membership? Or is it
strictly a 1:1 relationship (forward pointer, reverse pointer)?
The 389 memberOf plug-in maintains reverse pointers for inherited
membership which IPA takes advantage of.
--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com