Re: Using memberOf overlay with groups that contain uids, not DNs

[ÐÐÐÐÐÐÐÐÐ ÐÐÐÑÐÐ ÐÐÐÐÑÐÐÐÑÐÐÐÑ <mudraia@list.ru>]

On Thu, 31 Mar 2011 16:08:54 +0300
Oliver Beattie <oliver@obeattie.com> wrote:

> Hi,
> 
> I realise the documentation for slapo-memberof indicate that this isn't
> possible, but I thought it worthwhile asking here anyway â is it possible to
> use the memberOf overlay with groups that use memberUid as their membership
> attributes, rather than user DNs?
> 
> We have a large existing LDAP database that has thousands of groups like
> this, and would very much like to use slapo-memberof.
> 
> Any pointers (positive or negative) much appreciated â just so I know for
> definite.
> 
> âOliver
Hi, Oliver!

memberOf can only be used with DN-valued attributes in the group objects. But you may think about your user entries as a "lists" and use an excelent Dynamic Lists overlay to search group objects, which have the memberUid attribute equal to uid of your member object.
But then you have to insert into each user account the labeledURI attribute with search request like this: ldap:///ou=groups,dc=domain,dc=com??sub?(&(objectClass=posixGroup)(memberUid=MYUID))/
This would be work but in a large directory it may dramatically decrease overall performance.