[Date Prev][Date Next] [Chronological] [Thread] [Top]

Member-of plugin support for nested membership

To: openldap-technical@openldap.org
Subject: Member-of plugin support for nested membership
From: Mathias Gug <mathiaz@ubuntu.com>
Date: Wed, 29 Jul 2009 19:18:48 -0400
Content-disposition: inline
User-agent: Mutt/1.5.18 (2008-05-17)

Hi,

While discussing the possibility of using openldap in place of 389
directory in the FreeIPA project [1] the following technical detail was
mentioned. 

[1]: https://www.redhat.com/archives/freeipa-devel/2009-July/msg00333.html

According to the memberof overlay man page:

  The memberof overlay to slapd(8) allows automatic reverse group member‐
  ship maintenance.  Any time a group entry is modified, its members  are
  modified  as  appropriate  in  order to keep a DN-valued "is member of"
  attribute updated with the DN of the group.

Does the memberOf overlay deal with nested membership? Or is it
strictly a 1:1 relationship (forward pointer, reverse pointer)?

The 389 memberOf plug-in maintains reverse pointers for inherited
membership which IPA takes advantage of.

-- 
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

Prev by Date: Re: get_ava: illegal value with translucent proxy
Next by Date: Re: Radius authentication and storing passwords in cleartext
Index(es):
- Chronological
- Thread