ghenry@OpenLDAP.org wrote:
Update of /repo/OpenLDAP/pkg/openldap-guide/admin
Modified Files: overlays.sdf 1.11 -> 1.12
Log Message: Patch for memberOf overlay section from Buchan Milne.
Few comments (I'd fix it myself, but I'm not native English and I don't have sdf installed, so you'd probably do a much better job):
The last sentence
Note that the {{B:memberOf}} attribute is an operational attribute,
so > it must be requested explicitly.
should be completed by adding (for dummies :)
Note that the {{B:memberOf}} attribute is an operational attribute,
so > it must be requested explicitly in search requests.
Moreover, I made "memberOf" operational by hacking the original definition, in order to be able to add it to arbitrary entries without the need to add the "extensibleObject" objectClass, or to create a specific "memberOfGroup" auxiliary obhjectClass that allows "memberOf" and add it to all entries where the attribute is added. This has to be fixed somehow. Either we define our own "member-of" attribute and make it operational, or we define a "memberOfGroup" auxiliary objectClass as described above, or whatever.
Finally, I'd mention that if the overlay is added to an existing database, data is not sanitized by populating all entries according to their group membership. This is on the TODO list. There might be other minor sanity checks missing that I'm not aware of.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------