[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Summary of dynamic groups



Ian Collins wrote:
On 05/26/10 02:40 PM, Howard Chu wrote:
Ian Collins wrote:
Hello again,

My earlier thread appears to have been hijacked, so I'm starting a new
one for the summary of my investigations.

My current understanding is as follows:

There are three overlays that can use yes to manage groups dynamically:
dynlist, autogroup and memberof.

    - dynlist works well for including members specified in a URL to the
result of a search on a group.  The dynamic members can not be included
in a search filter.

- autogroup works well for including members specified in a URL to the
result of a search on a group. The dynamic members can be included in a
search filter, but the only supported list attribute is 'member', which
limits its use.

That's false, you can configure it to use any attribute type.

No according to the read me:

        "The value<member-ad>  is the name of the attributeDescription that
          specifies the member attribute. User modification of this
attribute
          is disabled for consistency."

I could only et it to work with 'member'.  Even if I specified
'uniqueMember', 'member' was inserted.

Then there's something else interfering in your config. There is nothing in the autogroup code that gives preference to the "member" attribute. It uses the attribute type you configure, and nothing else. Of course, the objectclass you use must also allow the attribute type you chose.

The text you quote above merely states that whatever attribute you choose will no longer be user-modifiable; the member list will always contain only the dynamically-generated values.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/