[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Summary of dynamic groups
- To: openldap-technical@openldap.org
- Subject: Summary of dynamic groups
- From: Ian Collins <ian@ianshome.com>
- Date: Wed, 26 May 2010 13:59:58 +1200
- User-agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.1.7) Gecko/20100131 Lightning/1.0b1 Thunderbird/3.0.1
Hello again,
My earlier thread appears to have been hijacked, so I'm starting a new
one for the summary of my investigations.
My current understanding is as follows:
There are three overlays that can use yes to manage groups dynamically:
dynlist, autogroup and memberof.
- dynlist works well for including members specified in a URL to the
result of a search on a group. The dynamic members can not be included
in a search filter.
- autogroup works well for including members specified in a URL to the
result of a search on a group. The dynamic members can be included in a
search filter, but the only supported list attribute is 'member', which
limits its use.
- memberof works well for reverse group management, including group dn
in the entries for group members. It only works with DN-values
attributes, so it can't be used with clients that expect POSIX group
members to be listed by 'memberUid' rather than 'member'.
From the above, I don't see a way to use OpenLDAP in an existing
environment where dynamic groups are searched for by members and don't
list their members with the 'member' attribute.
Please tell me I'm wrong (and how)!
Thanks,
--
Ian.