M. P. wrote:
Why do you want to change group membership by tweaking 'memberOf' anyway?
I want to permit a "two way" group membership management, something more flexible. First by adding members to groups objects and the other way by adding groups to users objects. I dont know if it is clear enough and if it is doable like this. But I try.
Yes, but why do you really need that?
Note that this would somewhat circumvent access control delegation on group entries.
Sorry, I don't understand this part.
Your user and group entries could be subject to different access control.
Hence you should always modify the group entries directly.
Yes I can do this, but for flexibility I'm looking for a way to alter user entries and that would be reflected on group entries. For sure it is scriptable, I know, but maybe there is a solution more integrated and modifications written instantaneously.
Just mentioning flexibility is not a valid requirement and more flexibility always leads to additional complexity.
Ciao, Michael.