Le 2015-11-21 17:32, Michael Ströder a écrit :
M. P. wrote:Why do you want to change group membership by tweaking 'memberOf' anyway?I want to permit a "two way" group membership management, something more flexible. First by adding members to groups objects and the other way by adding groups to users objects. I dont know if it is clear enough and if it isdoable like this. But I try.Yes, but why do you really need that?
I'm trying but I don't know how to explain you that differently :/It's just for the support guys. If they alter group entries that should be reflected on the user (that is the case with slapo-memberof). If they alter user entries that should be reflected on the group (the opposite of slapo-memberof).
Note that this would somewhat circumvent access control delegation on group entries.Sorry, I don't understand this part.Your user and group entries could be subject to different access control.
Ok. I'm aware of this point but thanks for the reminder. ;)
Hence you should always modify the group entries directly.Yes I can do this, but for flexibility I'm looking for a way to alter userentries and that would be reflected on group entries. For sure it is scriptable, I know, but maybe there is a solution more integrated and modifications written instantaneously.Just mentioning flexibility is not a valid requirement and more flexibilityalways leads to additional complexity. Ciao, Michael.
-- ------------ M. P.