[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Finding all user groups without knowing how groups are defined

To: "Fu, Jing" <jing_fu@atlanta.stercomm.com>, <openldap-general@OpenLDAP.org>
Subject: Re: Finding all user groups without knowing how groups are defined
From: "Mark Wilcox" <mark@mjwilcox.com>
Date: Wed, 5 May 1999 23:27:59 -0500

Then this will be very very hard unless you are psychic (and if you are,
you'll probably make more $$ giving predictions over the phone ;).

Seriously, you are very limited. I think your best option is to look for
entries that entries that have a group in their name such as
groupofuniquemembers, groupofnames, groupofmembers, etc. You could also do a
lookup to find all of the organizational unit objectclass entries, then do a
search for all entries that have a particular ou valu.

Add an option so that the user can add/remove their own objectclasses to
specify as a "group" (e.g. they can department objectclass and remove
organizationalunit).

Netscape Directory Server basically supports this with their dynamic group
functionality (e.g. you provide a filter, it builds a group whose members
match the results).

Figure 80-95% of the time groups are going to be typical group*
objectclasses and provide some functionality to handle the exceptions by
allowing the end user to modify the query.

Mark
-----Original Message-----
From: Fu, Jing <jing_fu@atlanta.stercomm.com>
To: 'openldap-general@OpenLDAP.org' <openldap-general@OpenLDAP.org>
Date: Tuesday, May 04, 1999 11:10 AM
Subject: RE: Finding all user groups without knowing how groups are defined


>The trouble is, as I stated, I have no control on the schema or the data
>policy of the directories my software has to use.  I won't even know how
the
>directory would look like.  We are an ISV and our customers, not us, decide
>what the directory is structured and what it contains.
>
>Thanks,
>Jing
>
>> ----------
>> From: David E. Storey
>> Sent: Tuesday, May 04, 1999 10:52 AM
>> To: 'openldap-general@OpenLDAP.org'; Fu, Jing
>> Subject: Re: Finding all user groups without knowing how groups are
>> defined
>>
>> Fu, Jing posed:
>>
>> > Is there a way for a generic software to enumerate all the user groups
>> in a
>> > directory, without knowing how the groups are defined and how the
>> directory
>> > is structured?  I read from somewhere that there are at least 4
>> different
>> > schemes of defining user groups (or whatever groups):
>> >
> ....
>> >
>> > Another question is, how can I tell, efficiently, if a group is for
>> users or
>> > for something else like printers or other resources?
>>
>> This sounds like it would be best handled using objectclasses.  You could
>> create an object class called 'usergroup' and then associate your user
>> groups
>> with this class.  A search would be as simple as filtering on the
>> objectclass:
>>
>> ldapsearch -b dc=my,dc=domain objectclass=usergroup
>>
>> d!
>>
>

Prev by Date: Re: Migrating to new schema
Next by Date: Re: Foolish question
Index(es):
- Chronological
- Thread