Le Sat, 21 Nov 2015 20:51:30 -0800, Quanah Gibson-Mount quanah@zimbra.com a écrit :
--On Sunday, November 22, 2015 12:20 AM +0100 "M. P." kisscoolandthegangbang@hotmail.fr wrote:
Le 2015-11-21 19:59, Quanah Gibson-Mount a écrit :
--On Friday, November 20, 2015 2:59 PM +0100 "M. P." kisscoolandthegangbang@hotmail.fr wrote:
I want to permit a "two way" group membership management, something more flexible. First by adding members to groups objects and the other way by adding groups to users objects. I dont know if it is clear enough and if it is doable like this. But I try.
Why not use dynamic groups?
I'm not sure how dynamic groups could help me here.
You just define groups based off an attribute in the user entry. Thus it is a single write op to update the membership for a given user, and the change in user membership is instant. If you do it sanely, you can trivially determine what groups a user belongs to by looking at the entry, and as long as the ldap client is using ldapcompare etc properly for group membership checks, it appears just like any "static" ldap group to the client.
It is not exactly what I'm looking for but I'll certainly use dynamic groups later for something else.
To make it clearer, I have 2 users, userA and userB, and a group, groupA. If I add a user by his dn uid=userA,ou... to cn=groupA, slapo-memberof will add to userA an attribute isMemberOf=cn=groupA,ou... (isMemberOf is a modifiable replacement for memberOf in my case). What I want to make work is when I add an attribute isMemberOf=cn=groupA to userB, then in cn=groupA I want to see an attibute member=uid=userB,ou... . Then if for any reason I want to delete the group membership by removing member=uid=userB,ou... from cn=groupA, it should remove the attribute isMemberOf=cn=GroupA,ou... from uid=userB,ou...
You can even use the memberOf attribute for creating the dynamic groups.
The memberof attribute is a readonly attribute. How could it be modified ?
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration