
Re: slapd ACL - limit bind to employeeType=<various>



Tim Watts wrote:
> On 12/04/16 10:37, Tim Watts wrote:
> 
>> I'll do some more testing and have a look at that "set=" inefficiency too.
> 
> OK - I understand that a bit more - I'll have to leave it alone. We're heavily
> structured around POSIX groups (memberUID).
> 
> But suggestion appreciated :)

The solution is hybrid groups:

# This allows mixed group schema
# also "dynamic groups" based on groupOfURLs/memberURL
objectclass ( ae-dir-oc:1
  NAME 'aeGroup'
  X-ORIGIN 'AE-DIR'
  DESC 'AE-DIR: Group entry'
  STRUCTURAL
  SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
  MUST ( description ) )

With constraints you can ensure the alignment of 'member' and 'memberUID'
attribute value sets.

Ciao, Michael.
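
Added example, not part of the message above and not AE-DIR's own code: an offline audit in Python that checks the alignment of 'member' and 'memberUID' on exported LDIF for hybrid groups. It reports drift after the fact rather than enforcing a server-side constraint; the sample LDIF, the DNs and the function names are constructed for illustration.

```python
# Added example: audit 'member' vs 'memberUid' alignment in hybrid (aeGroup) entries.
# The LDIF below is constructed sample data; all DNs and names are hypothetical.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob

dn: cn=admins,ou=groups,dc=example,dc=org
objectClass: aeGroup
member: uid=alice,ou=people,dc=example,dc=org
member: uid=bob,ou=people,dc=example,dc=org
memberUid: alice
memberUid: bob

dn: cn=ops,ou=groups,dc=example,dc=org
objectClass: aeGroup
member: uid=alice,ou=people,dc=example,dc=org
member: uid=bob,ou=people,dc=example,dc=org
memberUid: alice
memberUid: mallory
"""

def parse_ldif(text):
    """Minimal LDIF reader: no line folding or base64 values (enough for the sample)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), set()).add(value)
        entries[attrs["dn"].pop().lower()] = attrs
    return entries

def audit_groups(entries):
    """Map each misaligned group DN to (uids missing from memberUid, memberUid values with no member DN)."""
    drift = {}
    for dn, attrs in entries.items():
        if "aegroup" not in {v.lower() for v in attrs.get("objectclass", ())}:
            continue
        from_member = set()  # uid values of the entries the 'member' DNs point to
        for member_dn in attrs.get("member", ()):
            from_member |= entries.get(member_dn.lower(), {}).get("uid", set())
        from_uid = attrs.get("memberuid", set())
        if from_member != from_uid:
            drift[dn] = (from_member - from_uid, from_uid - from_member)
    return drift

if __name__ == "__main__":
    print(audit_groups(parse_ldif(SAMPLE_LDIF)))
```

A 'memberUid' value with no matching 'member' DN matters most where ACLs key on 'member' while POSIX clients key on 'memberUid', because the two views of the group then grant access to different people.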
