
Re: memberOf attribute



>>>I think I've seen the "memberOf" attribute in both ADS and
>>>iPlanet. It appears to be the converse of "member", and I believe it gets
>>>updated when you add a member to a group.
>>>Are there plans to add this sort of functionality into OpenLDAP?
>>I don't think so. It seems that the philosophy of LDAP (and of
>>OpenLDAP) is not to muck with data, that is the server will hold any
>>information you send in, but it will not change it nor check its consistency
>>besides syntax and schema.  What you're talking about should better
>>be done by a wise client.
>I would also not recommend implementing this at the client-side.
>Changing group membership would require modifying two entries which
>would have to be encapsulated in a transaction at the client's side.
>Not to speak of concurrent access of misbehaving clients rewriting
>old attributes and such.
>Not sure how MS AD implements it. Probably not through LDAP I guess.

If you were using something like the back-sql module you could use the
referential integrity (and triggers, etc...) of the database, yes?

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW
Grand Rapids, MI. 49505
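
The thread's point is that the server will not keep "memberOf" consistent with "member", so a client that updates one entry and fails before updating the other leaves drift behind. The following is an added example, not part of the original message or of OpenLDAP: a small audit that derives the expected memberOf values from the group entries and compares them with what is stored. The entry layout, the function names and the sample DNs are constructed for illustration, and the DN normalisation is a simplification that assumes no escaped commas.

```python
from collections import defaultdict


def norm_dn(dn):
    """Simplified DN normalisation (assumption: no escaped ',' or '=' in values)."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def audit_memberof(entries):
    """entries: {dn: {attribute: [values]}} as exported from the directory.

    Returns a sorted list of (kind, user_dn, group_dn) where kind is
    'missing_memberOf' (group lists the user, user entry does not list the group)
    or 'stale_memberOf' (user entry lists a group that no longer lists the user).
    """
    expected = defaultdict(set)  # user DN -> groups implied by "member"
    stored = defaultdict(set)    # user DN -> groups recorded in "memberOf"
    for dn, attrs in entries.items():
        for member in attrs.get("member", []):
            expected[norm_dn(member)].add(norm_dn(dn))
        for group in attrs.get("memberOf", []):
            stored[norm_dn(dn)].add(norm_dn(group))
    findings = []
    for user in set(expected) | set(stored):
        for group in expected[user] - stored[user]:
            findings.append(("missing_memberOf", user, group))
        for group in stored[user] - expected[user]:
            findings.append(("stale_memberOf", user, group))
    return sorted(findings)


# Constructed sample: bob was added to a group but his entry was never updated;
# carol was removed from the group but her memberOf value was left behind.
ADMINS = "cn=admins,ou=groups,dc=example,dc=com"
SAMPLE = {
    ADMINS: {"member": ["uid=alice,ou=people,dc=example,dc=com",
                        "UID=bob, ou=people, dc=example, dc=com"]},
    "uid=alice,ou=people,dc=example,dc=com": {"memberOf": [ADMINS]},
    "uid=bob,ou=people,dc=example,dc=com": {"memberOf": []},
    "uid=carol,ou=people,dc=example,dc=com": {"memberOf": ["CN=Admins,ou=groups,dc=example,dc=com"]},
}

if __name__ == "__main__":
    for finding in audit_memberof(SAMPLE):
        print(finding)
```

A stale value matters most where an application authorises on memberOf alone, because the user keeps access that the group entry no longer grants.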