Hello,
We have to install a product which use ldap and that seems to need memberof overlay. As I have read this overlay is deprecated is cause trouble with replication. So I have dug to found a replacement solution, and what I have found is to add something like that :
In the olcDynamicList
olcDlAttrSet: myPerson labeledURI myMemberOf
And in each user <user> :
labeledURI: ldap:///ou=groups,dc=example,dc=com??sub?(&(objectclass=posixgroup) (memberuid=<user>))
I find this way quite heavy to deal with, adding such attribute to every user (1), but we can do it.
My other problem is that the myMemberOf may be really long to compute at each request (and for stupid historic reason some old programs do qyery on the full user set of atttributes).
So I intend to add a proxycache. But I have a questiion concerning the templates : if I add the following template (myMemberOf=*) will it cache only the requests that are exactly (myMemberOf=XXX) or requests that contains the pattern like (&(Status=xxx)(myMemberOf=yyy)) ?
Thanks.
f.g.
Note 1 : it would be nice that we could define thinks like in a single place : labeledURI: ldap:///ou=groups,dc=example,dc=com??sub?(&(objectclass=posixgroup) (memberuid=%uid%)) where %uid% would be the uid attribute value of the considered object. Or do I miss solething ?
— Frédéric Goudal Ingénieur Système, DSI Bordeaux-INP +33 556 84 23 11