[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: questions about memberof-refint option



--On Sunday, November 22, 2015 12:20 AM +0100 "M. P." <kisscoolandthegangbang@hotmail.fr> wrote:
Le 2015-11-21 19:59, Quanah Gibson-Mount a écrit :
--On Friday, November 20, 2015 2:59 PM +0100 "M. P."
<kisscoolandthegangbang@hotmail.fr> wrote:

I want to permit a "two way" group membership management, something
more
flexible. First by adding members to groups objects and the other way
by
adding groups to users objects. I dont know if it is clear enough and
if
it is doable like this. But I try.
Why not use dynamic groups?
I'm not sure how dynamic groups could help me here.
You just define groups based off an attribute in the user entry.  Thus it 
is a single write op to update the membership for a given user, and the 
change in user membership is instant.  If you do it sanely, you can 
trivially determine what groups a user belongs to by looking at the entry, 
and as long as the ldap client is using ldapcompare etc properly for group 
membership checks, it appears just like any "static" ldap group to the 
client.
You can even use the memberOf attribute for creating the dynamic groups.


--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration