[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: questions about memberof-refint option



M. P. wrote:
>> Why do you want to change group membership by tweaking 'memberOf' anyway?
> 
> I want to permit a "two way" group membership management, something more
> flexible. First by adding members to groups objects and the other way by
> adding groups to users objects. I dont know if it is clear enough and if it is
> doable like this. But I try.

Yes, but why do you really need that?

>> Note that this would somewhat circumvent access control delegation on
>> group entries.
> 
> Sorry, I don't understand this part.

Your user and group entries could be subject to different access control.

>> Hence you should always modify the group entries directly.
> 
> Yes I can do this, but for flexibility I'm looking for a way to alter user
> entries and that would be reflected on group entries. For sure it is
> scriptable, I know, but maybe there is a solution more integrated and
> modifications written instantaneously.

Just mentioning flexibility is not a valid requirement and more flexibility
always leads to additional complexity.

Ciao, Michael.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature