[Date Prev][Date Next] [Chronological] [Thread] [Top]

Summary of dynamic groups



Hello again,

My earlier thread appears to have been hijacked, so I'm starting a new one for the summary of my investigations.

My current understanding is as follows:

There are three overlays that can use yes to manage groups dynamically: dynlist, autogroup and memberof.

- dynlist works well for including members specified in a URL to the result of a search on a group. The dynamic members can not be included in a search filter.

- autogroup works well for including members specified in a URL to the result of a search on a group. The dynamic members can be included in a search filter, but the only supported list attribute is 'member', which limits its use.

- memberof works well for reverse group management, including group dn in the entries for group members. It only works with DN-values attributes, so it can't be used with clients that expect POSIX group members to be listed by 'memberUid' rather than 'member'.

From the above, I don't see a way to use OpenLDAP in an existing environment where dynamic groups are searched for by members and don't list their members with the 'member' attribute.

Please tell me I'm wrong (and how)!

Thanks,

--
Ian.