Regardless of the implementation (which is not visible from the interface), the memberOf attribute contains a list of group and groupOfNames objects of which the object is a member. The server maintains the integrity of the respective member and memberOf attribute values when objects are added, moved or deleted.
This makes it simple toi answer the question, "of what groups is the object a member?"
--------------------------
Sent from Michael Liben's wireless handheld
-----Original Message-----
From: Luke Howard <lukeh@padl.com>
To: Liben, Michael (GTI)
CC: simo <idra@samba.org>; Howard Chu <hyc@highlandsun.com>; ldapext@ietf.org <ldapext@ietf.org>
Sent: Thu Sep 20 00:44:59 2007
Subject: Re: [ldapext] Nested group
Liben, Michael (GTI) wrote:
> In Active Directory, Microsoft maintains 'back link' attributes. One of
> these is memberOf. When an object is added or removed from a group, a
> process runs that updates the back link attribute on the object. If the
> member object is moved or deleted, another process updates the group's
> member attribute accordingly.
>
This isn't quite correct. Linked references are maintained in a separate
table in the DIB, and returned dynamically at search time. The
background process you're referring to handles references (linked or
not) to entries in non-local partitions.
-- Luke
--
www.padl.com | www.lukehoward.com
_______________________________________________ Ldapext mailing list Ldapext@ietf.org https://www1.ietf.org/mailman/listinfo/ldapext