Re: Rép. : Re: Dynlist and dyngroup

["Pierangelo Masarati" <ando@sys-net.it>]

,
>>
>> In which schema can I found the groupAttr attribute ?
>
> There is no such thing as "groupAttr".  The point was you can use *any*
> attribute as the group-specific attribute, whether it is in a pre-defined
> schema, or a custom schema of your choosing.

Quanah was just exemplifyinmg the possible usage of a dynamic group as
opposed to a static one.

If you use a static group, you simply define an object that lists as
"member" or whatever you like the DN of the members.

If you use a dynamic group, you define an object that lists as "memberURL"
or whatever you like the rules to compute the DN of the members.  Since
"memberURL" is basically an URL, you define, for each of them, the
(internal: you can't put a hostname) search that computes the member,
which is made of a base, a scope and a filter.  In the filter, you can put
whatever selects objects that are member of the group.  Quanah suggested
using some attribute that qualifies membership, but anything can be used;
for example:

dn: cn=Added December 2005,ou=Groups,dc=example,dc=com
objectClass: groupOfURLs
cn: Added December 2005
memberURL:
ldap:///ou=People,dc=example,dc=com??sub?(createTimestamp>=20051201000000Z)

lists people added in december 2005.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it



Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------