Re: Ldap challenge

Interesting how this question is hitting a number of different mailing lists… Here’s an edited extract of an email I’ve sent yesterday on OpenDJ mailing list: The memberOf attribute name was used by Microsoft Active Directory with specific semantic. There is no LDAP representation of the attribute definition, but details, including OID, can be found here: <https://msdn.microsoft.com/en-us/library/ms677099(v=vs.85).aspx>;.  It was also used by a Sun product (Delegated Administration) with another definition and semantic.  This is why we choose in Sun Directory Server, OpenDS and now OpenDJ to have a properly defined attribute with a different name: isMemberOf, operational and read-only. My 2 cents, Ludo --  Ludovic Poitou http://ludopoitou.com From: Michael Ströder <michael(a)stroeder.com&gt; Reply: Michael Ströder <michael(a)stroeder.com&gt;&gt; Date: 27 Apr 2015 at 22:43:41 To: Andrew Findlay <andrew.findlay(a)skills-1st.co.uk&gt;&gt; Cc: openldap-technical(a)openldap.org <openldap-technical(a)openldap.org&gt;&gt; Subject:  Re: Ldap challenge Andrew Findlay wrote: 'isMemberOf' is used on Sun/Oracle DSSE, Netscape/Fedora/389-DS and OpenDS/OpenDJ. 'memberOf' was originally defined in MS Active Directory and is used as default in slapo-memberof. It's configurable though. Ciao, Michael.