Interesting how this question is hitting a number of different mailing lists…
Here’s an edited extract of an email I’ve sent yesterday on OpenDJ mailing list:
The memberOf attribute name was used by Microsoft Active Directory with specific semantic.
There is no LDAP representation of the attribute definition, but details, including OID,
can be found here:
It was also used by a Sun product (Delegated Administration) with another definition and
This is why we choose in Sun Directory Server, OpenDS and now OpenDJ to have a properly
defined attribute with a different name: isMemberOf, operational and read-only.
My 2 cents,
From: Michael Ströder <michael(a)stroeder.com>
Reply: Michael Ströder <michael(a)stroeder.com>>
Date: 27 Apr 2015 at 22:43:41
To: Andrew Findlay <andrew.findlay(a)skills-1st.co.uk>>
Cc: openldap-technical(a)openldap.org <openldap-technical(a)openldap.org>>
Subject: Re: Ldap challenge
Andrew Findlay wrote:
On Mon, Apr 27, 2015 at 06:27:39PM +0000, Ross, Daniel B. wrote:
> ismemberof does not exist we have to use memberof
Memberof is fairly common. I don't think I have ever found a system
that used 'ismemberof'.
'isMemberOf' is used on Sun/Oracle DSSE, Netscape/Fedora/389-DS and OpenDS/OpenDJ.
'memberOf' was originally defined in MS Active Directory and is used as
default in slapo-memberof. It's configurable though.