[Date Prev][Date Next]
Re: memberOf attribute
Pierangelo Masarati wrote:
> > Jeff Costlow wrote:
> > I think I've seen the "memberOf "attribute in both ADS and iPlanet.
> > It appears to be the converse of "member", and I believe it gets
> > updated when you add a member to a group.
> > Are there plans to add this sort of functionality into OpenLDAP?
> I don't think so. It seems that the philosophy of LDAP (and of OpenLDAP)
> is not to muck with data, that is the server will hold any information
> you send in, but it will not change it nor check its consistency
> besides syntax and schema. What you're talking about should better
> be done by a wise client.
I would also not recommend to implement this at the client-side.
Changing group membership would require modifying two entries which
would have to be encapsulated in a transaction at the client's side.
Not to speak of concurrent access of misbehaving clients rewriting
old attributes and such.
Not sure how MS AD implements it. Probably not through LDAP I guess.