[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf as misuse of data model

On 01/20/2012 06:49 AM, Mathieu MILLET wrote:
Le 20.01.2012 00:45, Howard Chu a Ãcrit :
Felipe Augusto van de Wiel wrote:



On 19-01-2012 15:14, Howard Chu wrote:
Dunno. IMO most people using memberOf are misusing the data model
anyway, so it's of little interest.

Out of curiosity (and because I do try to avoid misusing the data
model), why in your opinion memberOf represents a misuse?

There are two common operations on a group: list all the members, and
see if user X is a member of a group. For the first case, just
retrieve the group entry and look at its member attribute. For the
second case, just do a Compare on the group and test the member
attribute against the user's DN.

I could see a 3rd use case : User management.
When you administer the profile of a user, you simply query the LDAP
entry of the user and you get all of his information, including the
complete list of his groups (with a single LDAP request).

That's a use case, and I recon that it can be achieved by performing one
more LDAP request to lookup for group membership of this particular user.

base: <suffix>
scope: subordinate
filter: (&(ou=groupOfNames)(member=<dn>))
attrs: 1.1

does the trick.

Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano