
Re: memberOf attribute

Pierangelo Masarati wrote:
> > Jeff Costlow wrote:
> >
> > I think I've seen the "memberOf" attribute in both ADS and iPlanet.
> > It appears to be the converse of "member", and I believe it gets
> > updated when you add a member to a group.
> >
> > Are there plans to add this sort of functionality into OpenLDAP?
> I don't think so. It seems that the philosophy of LDAP (and of OpenLDAP)
> is not to muck with data, that is the server will hold any information
> you send in, but it will not change it nor check its consistency
> besides syntax and schema.  What you're talking about should better
> be done by a wise client.

I would also not recommend implementing this on the client side.
Changing group membership would require modifying two entries which
would have to be encapsulated in a transaction at the client's side.
Not to speak of concurrent access of misbehaving clients rewriting
old attributes and such.

Not sure how MS AD implements it. Probably not through LDAP I guess.

Ciao, Michael.
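
Added example, not part of the original message: a small simulation of the two failure modes described above (a client that stops between its two modifies, and a client that rewrites memberOf from a stale read), with an audit that reports every member/memberOf mismatch. The directory is a constructed in-memory dict, and all DNs and function names are made up for illustration.

```python
# Constructed snapshot: DN -> attribute -> set of values (sample data only).

def add_member(directory, group_dn, user_dn, fail_between=False):
    """Client-side update: two independent modifies, no transaction."""
    directory[group_dn].setdefault("member", set()).add(user_dn)
    if fail_between:  # client dies after the first modify
        return
    directory[user_dn].setdefault("memberOf", set()).add(group_dn)

def stale_replace(directory, user_dn, stale_values, new_group):
    """Misbehaving client: replaces memberOf using a value list read earlier."""
    directory[new_group].setdefault("member", set()).add(user_dn)
    directory[user_dn]["memberOf"] = set(stale_values) | {new_group}

def audit(directory):
    """Return sorted (kind, group_dn, user_dn) tuples for every mismatch."""
    findings = []
    for dn, attrs in directory.items():
        for user in attrs.get("member", ()):
            if dn not in directory.get(user, {}).get("memberOf", ()):
                findings.append(("missing-memberOf", dn, user))
        for group in attrs.get("memberOf", ()):
            if dn not in directory.get(group, {}).get("member", ()):
                findings.append(("dangling-memberOf", group, dn))
    return sorted(findings)

def demo():
    admins, staff, ops = (f"cn={n},dc=example,dc=com" for n in ("admins", "staff", "ops"))
    alice, bob = (f"uid={n},dc=example,dc=com" for n in ("alice", "bob"))
    d = {dn: {} for dn in (admins, staff, ops, alice, bob)}

    add_member(d, staff, alice)               # consistent update
    snapshot = set(d[alice]["memberOf"])      # client A reads memberOf
    add_member(d, admins, alice)              # client B updates concurrently
    stale_replace(d, alice, snapshot, ops)    # client A overwrites B's value
    add_member(d, staff, bob, fail_between=True)  # interrupted client
    return audit(d)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Any application that reads memberOf for access decisions and any that reads the group's member list will disagree about exactly the entries this audit reports.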