[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf attribute: part of LDAP v3 standard ?

Subject: Re: memberOf attribute: part of LDAP v3 standard ?
From: Charlie Reitsma <reitsmac@denison.edu>
Date: Tue, 30 Apr 2002 14:52:36 -0400
Cc: openldap-software@OpenLDAP.org
References: <FEELKOJLNJOFOIMCNLHOMEEFCNAA.yves@reefedge.com>

Right.
You could add objectClass groupOfNames (defined in core.schema) to your
inetOrgPerson definition to pick up the "member" attribute:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixaccount
objectClass: shadowaccount
objectClass: groupOfNames
uid: reitsma
cn: Charlie Reitsma
givenName: Charlie
sn: Reitsma
mail: reitsmac@airius.com
uidNumber: 1000
gidNumber: 10
homeDirectory: /export/home/reitsma
loginShell: /bin/tcsh
member: cn=sysadmin,ou=groups,dc=airius,dc=com
member: cn=staff,ou=groups,dc=airius,dc=com

It's up to you to keep it in sync with any groups defined in
ou=groups,dc=airius,dc=com if that is needed.  If you want to list the groups
an individual is a member of without populating a member attribute then there
is an algorithm published in the appendix of "Draft Best Practices for
Directory Groups" found at http://middleware.internet2.edu/dir/groups/

Yves Robin wrote:
> 
> So:
> 
> 1) memberOf attribute is not part of the basic LDAP v3 schema,
> 2) but if memberOf attribute is in a LDAP server schema, then
>    ldapsearching that server for entities with attribute list including
> memberOf is correct
>    and should return associated value(s).
> 
> Right ?
> 
> Yves
> 
> -----Original Message-----
> From: Adam Williams [mailto:awilliam@whitemice.org]
> Sent: Tuesday, April 30, 2002 1:13 PM
> To: Yves Robin
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: memberOf attribute: part of LDAP v3 standard ?
> 
> >It seems that, depending on the LDAP server (openldap, Active Directory,
> >Netscape, ...), a ldapsearch query can (or not)return the memberOf
> >attribute, as part of the list of returned attributes.
> 
> >Is this attribute part of LDAP v3 standard or not?
> 
> Well sort of,  if the attribute is defined in someones schema with a
> valid OID.  But the behavior you describe I'm pretty certain isn't.
> 
> >Do all the LDAP servers should support such computed-on-the-fly attribute?
> 
> No.

References:
- RE: memberOf attribute: part of LDAP v3 standard ?
  - From: "Yves Robin" <yves@reefedge.com>

Prev by Date: Re: Unix auth via LDAP & now need to add Samba!
Next by Date: Re: Unix auth via LDAP & now need to add Samba!
Index(es):
- Chronological
- Thread