[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Does OpenLDAP 2.4 support nested group

Sent: Thu Jul 26 2012 06:43:13 GMT-0400 (EDT)
From: Qian Zhang <zhq527725@gmail.com>
To: openldap-technical@openldap.org
Subject: Does OpenLDAP 2.4 support nested group

I'd like to know in OpenLDAP 2.4, if I create a group (objectClass is
posixGroup), is it possible that I create another group as the member
of this group?
Or I have to do this with group which has groupOfNames as its objectClass?


You can use the 'dynlist' overlay to do this.
With dynlist, you basically add the 'groupOfURLs' objectClass to an entry, and then add a 'memberUrl' attribute which points to another entry (needs a full DN path, not just the group name). The attributes of that other entry are included in the first one, so you basically get nested group support. However it only goes one level deep (so a memberUrl of that other entry is not evaluated).