[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slow adds of member attribute in large groups

--On Monday, October 06, 2003 1:17 PM -0600 Alan Sparks <asparks@doublesparks.net> wrote:

Dynamic groups are something I've been dreaming about for some time (says
a lot about my life...).  Is there any available documentation describing
the implementation of such in OpenLDAP 2.2?

There is documentation in slapd.access on how to set up the ACL rules for a dynamic group... I can provide you an example here of what I've done for our testing purposes.

I created an ACL for a dynamic group called "cn=itss,cn=applications,dc=stanford,dc=edu"

The ACL looks like this:

by group/groupofurls/memberurl.base="cn=itss,cn=applications,dc=stanford,dc=ed

The cn=itss LDIF entry looks like this:

dn: cn=itss,cn=Applications,dc=stanford,dc=edu
objectClass: groupOfURLs
memberURL: ldap:///cn=accounts,dc=stanford,dc=edu??sub?sukrb4name=cadabra

(Cadabra is my test account)

In slapd.conf, you'll want to include:


-- Quanah Gibson-Mount Principal Software Developer ITSS/TSS/Computing Systems ITSS/TSS/Infrastructure Operations Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html