[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slow adds of member attribute in large groups
--On Monday, October 06, 2003 1:17 PM -0600 Alan Sparks
<asparks@doublesparks.net> wrote:
Dynamic groups are something I've been dreaming about for some time (says
a lot about my life...). Is there any available documentation describing
the implementation of such in OpenLDAP 2.2?
-Alan
There is documentation in slapd.access on how to set up the ACL rules for a
dynamic group... I can provide you an example here of what I've done for
our testing purposes.
I created an ACL for a dynamic group called
"cn=itss,cn=applications,dc=stanford,dc=edu"
The ACL looks like this:
by
group/groupofurls/memberurl.base="cn=itss,cn=applications,dc=stanford,dc=ed
u"
The cn=itss LDIF entry looks like this:
dn: cn=itss,cn=Applications,dc=stanford,dc=edu
objectClass: groupOfURLs
cn:itss
memberURL: ldap:///cn=accounts,dc=stanford,dc=edu??sub?sukrb4name=cadabra
(Cadabra is my test account)
In slapd.conf, you'll want to include:
dyngroup.schema
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html