Arthur de Jong wrote:
On Wed, 2013-12-25 at 16:44 +0100, Michael Ströder wrote:
Furthermore there's slapo-deref which seems to work. The client control can be used to retrieve all the 'uid' values in member entries. The NSS provider has to extract the 'uid' values from the response control value.
Sadly, the Internet Draft expired without turning into an RFC. I also can't find any documentation on slapo-deref, do you have any pointers?
Also, do you have any idea whether this is implemented by a significant part of the LDAP servers out there (is it worth the effort to implement this client-side)?
This was developed at the request of the Samba team, and some of those developers also worked on SSSD, so it has already been implemented in significant volumes.
There is also a memberof overlay that populates memberOf attributes in users. Would it be difficult to make a memberuid overlay that populates memberUid attributes in the group?
That would be counterproductive.