
Re: questions about memberof-refint option



--On Sunday, November 22, 2015 12:20 AM +0100 "M. P." <kisscoolandthegangbang@hotmail.fr> wrote:

On 2015-11-21 19:59, Quanah Gibson-Mount wrote:
--On Friday, November 20, 2015 2:59 PM +0100 "M. P."
<kisscoolandthegangbang@hotmail.fr> wrote:

I want to permit a "two way" group membership management, something more flexible. First by adding members to groups objects and the other way by adding groups to users objects. I don't know if it is clear enough and if it is doable like this. But I try.

Why not use dynamic groups?

I'm not sure how dynamic groups could help me here.

You just define groups based off an attribute in the user entry. Thus it is a single write op to update the membership for a given user, and the change in user membership is instant. If you do it sanely, you can trivially determine what groups a user belongs to by looking at the entry, and as long as the ldap client is using ldapcompare etc properly for group membership checks, it appears just like any "static" ldap group to the client.

You can even use the memberOf attribute for creating the dynamic groups.


--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
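
The dynamic-group setup described in the reply above, sketched as an added example that is not part of the original message or of any poster's configuration. It assumes OpenLDAP's dynlist overlay and dyngroup.schema; the suffix dc=example,dc=com and the names admins and jdoe are placeholders.

```ldif
# Constructed sample records, meant to be fed to ldapmodify.
# Assumed server-side setup (slapd.conf form), not shown on the page:
#   overlay dynlist
#   dynlist-attrset groupOfURLs memberURL member

# The group stores no member values, only the search that defines them.
# With the attrset above, the overlay presents each matching entry's DN
# as a "member" value, so reads and compare operations see a normal group.
dn: cn=admins,ou=groups,dc=example,dc=com
changetype: add
objectClass: groupOfURLs
cn: admins
memberURL: ldap:///ou=people,dc=example,dc=com??sub?(memberOf=cn=admins,ou=groups,dc=example,dc=com)

# Membership change: a single write to the user entry.
# Assumption: memberOf is defined in the schema and writable by the
# identity performing this change.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: memberOf
memberOf: cn=admins,ou=groups,dc=example,dc=com
```

With this layout the filter attribute on the user entry decides group membership, so write access to it needs the same ACL protection that the member attribute of a static group would get.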