Le 2015-11-21 17:32, Michael Ströder a écrit :
M. P. wrote:
Why do you want to change group membership by tweaking 'memberOf' anyway?
I want to permit a "two way" group membership management, something more flexible. First by adding members to groups objects and the other way by adding groups to users objects. I dont know if it is clear enough and if it is doable like this. But I try.
Yes, but why do you really need that?
I'm trying but I don't know how to explain you that differently :/ It's just for the support guys. If they alter group entries that should be reflected on the user (that is the case with slapo-memberof). If they alter user entries that should be reflected on the group (the opposite of slapo-memberof).
Note that this would somewhat circumvent access control delegation on group entries.
Sorry, I don't understand this part.
Your user and group entries could be subject to different access control.
Ok. I'm aware of this point but thanks for the reminder. ;)
Hence you should always modify the group entries directly.
Yes I can do this, but for flexibility I'm looking for a way to alter user entries and that would be reflected on group entries. For sure it is scriptable, I know, but maybe there is a solution more integrated and modifications written instantaneously.
Just mentioning flexibility is not a valid requirement and more flexibility always leads to additional complexity.
Ciao, Michael.