Re: memberOf attribute

[Pierangelo Masarati <masarati@aero.polimi.it>]

> Jeff Costlow wrote:
> 
> I think I've seen the "memberOf "attribute in both ADS and iPlanet.
> It appears to be the converse of "member", and I believe it gets
> updated when you add a member to a group.
> 
> Are there plans to add this sort of functionality into OpenLDAP?

I don't think so. It seems that the philosophy of LDAP (and of OpenLDAP) 
is not to muck with data, that is the server will hold any information
you send in, but it will not change it nor check its consistency
besides syntax and schema.  What you're talking about should better 
be done by a wise client.  Note that adding/deleting the DN of a group 
to an entry when the entry is listed as member of the group means
every entry should be update when a group is removed/renamed.  This
might
be accomplished very efficiently to some extent in case a "dynamic" 
membership is addressed (i.e. the ID of the DN is used instead of its
string representation, resulting in no change in case the group DN is 
modified and in a failed id2entry when a group is deleted).

> If not, is there anyother way I can quickly determine which groups a
> DN is a memberOf without doing a server-side search?

None I'm aware of.

Pierangelo.

-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   |
http://www.aero.polimi.it/~masarati