Re: questions about memberof-refint option
On Sat, 21 Nov 2015 20:51:30 -0800,
Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> --On Sunday, November 22, 2015 12:20 AM +0100 "M. P."
> <kisscoolandthegangbang@hotmail.fr> wrote:
>
> > On 2015-11-21 19:59, Quanah Gibson-Mount wrote:
> >> --On Friday, November 20, 2015 2:59 PM +0100 "M. P."
> >> <kisscoolandthegangbang@hotmail.fr> wrote:
> >>
> >>> I want to permit a "two way" group membership management, something
> >>> more flexible. First by adding members to groups objects and the other
> >>> way by adding groups to users objects. I don't know if it is clear
> >>> enough and if it is doable like this. But I try.
> >>
> >> Why not use dynamic groups?
> >
> > I'm not sure how dynamic groups could help me here.
>
> You just define groups based off an attribute in the user entry. Thus it
> is a single write op to update the membership for a given user, and the
> change in user membership is instant. If you do it sanely, you can
> trivially determine what groups a user belongs to by looking at the entry,
> and as long as the ldap client is using ldapcompare etc properly for group
> membership checks, it appears just like any "static" ldap group to the
> client.
It is not exactly what I'm looking for but I'll certainly use dynamic groups
later for something else.
To make it clearer, I have 2 users, userA and userB, and a group, groupA. If I
add a user by his dn uid=userA,ou... to cn=groupA, slapo-memberof will add to
userA an attribute isMemberOf=cn=groupA,ou... (isMemberOf is a modifiable
replacement for memberOf in my case).
What I want to make work is when I add an attribute isMemberOf=cn=groupA to
userB, then in cn=groupA I want to see an attribute member=uid=userB,ou... . Then
if for any reason I want to delete the group membership by removing
member=uid=userB,ou... from cn=groupA, it should remove the attribute
isMemberOf=cn=GroupA,ou... from uid=userB,ou...
>
> You can even use the memberOf attribute for creating the dynamic groups.
The memberof attribute is a read-only attribute. How could it be modified?
>
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Platform Architect
> Zimbra, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
>
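
The dynamic-group approach suggested in the quoted reply, as an added example that is not part of the original thread: a group whose membership is computed from the isMemberOf attribute on user entries. The dc=example,dc=com suffix, the OU names and the choice of slapo-dynlist with the groupOfURLs object class are assumptions.

```ldif
# Constructed example; the suffix and OUs are placeholders.
# Assumed server-side setup (slapd.conf syntax, not taken from the thread):
#   include  .../schema/dyngroup.schema     # defines groupOfURLs / memberURL
#   overlay  dynlist
#   dynlist-attrset groupOfURLs memberURL member
# It is also assumed that isMemberOf is already defined in the schema as a
# user-modifiable attribute, as described in the message above.

# 1. The dynamic group. Its "member" values are not stored; the overlay
#    fills them in at search/compare time from the memberURL filter.
dn: cn=groupA,ou=groups,dc=example,dc=com
changetype: add
objectClass: groupOfURLs
cn: groupA
memberURL: ldap:///ou=people,dc=example,dc=com??sub?(isMemberOf=cn=groupA,ou=groups,dc=example,dc=com)

# 2. Adding userB to groupA is a single write on the user entry.
dn: uid=userB,ou=people,dc=example,dc=com
changetype: modify
add: isMemberOf
isMemberOf: cn=groupA,ou=groups,dc=example,dc=com
-

# 3. Removing the membership is the reverse write, again on the user entry
#    (shown for userA; the group entry itself is never modified).
dn: uid=userA,ou=people,dc=example,dc=com
changetype: modify
delete: isMemberOf
isMemberOf: cn=groupA,ou=groups,dc=example,dc=com
-
```

With this layout group membership is decided by whoever can write isMemberOf on a user entry, so that attribute needs ACLs as strict as those that would protect member on a static group.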