M. P. wrote: >> Why do you want to change group membership by tweaking 'memberOf' anyway? > > I want to permit a "two way" group membership management, something more > flexible. First by adding members to groups objects and the other way by > adding groups to users objects. I dont know if it is clear enough and if it is > doable like this. But I try. Yes, but why do you really need that? >> Note that this would somewhat circumvent access control delegation on >> group entries. > > Sorry, I don't understand this part. Your user and group entries could be subject to different access control. >> Hence you should always modify the group entries directly. > > Yes I can do this, but for flexibility I'm looking for a way to alter user > entries and that would be reflected on group entries. For sure it is > scriptable, I know, but maybe there is a solution more integrated and > modifications written instantaneously. Just mentioning flexibility is not a valid requirement and more flexibility always leads to additional complexity. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature