Le 2015-11-21 19:59, Quanah Gibson-Mount a écrit :--On Friday, November 20, 2015 2:59 PM +0100 "M. P." <kisscoolandthegangbang@hotmail.fr> wrote:I want to permit a "two way" group membership management, something more flexible. First by adding members to groups objects and the other way by adding groups to users objects. I dont know if it is clear enough and if it is doable like this. But I try.Why not use dynamic groups?I'm not sure how dynamic groups could help me here.
You just define groups based off an attribute in the user entry. Thus it is a single write op to update the membership for a given user, and the change in user membership is instant. If you do it sanely, you can trivially determine what groups a user belongs to by looking at the entry, and as long as the ldap client is using ldapcompare etc properly for group membership checks, it appears just like any "static" ldap group to the client.
You can even use the memberOf attribute for creating the dynamic groups. --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration