Re: Oracle OpenLDAP PPolicy ppolicy and the hierarchy
Arthur de Jong wrote:
On Wed, 2013-12-25 at 16:44 +0100, Michael Ströder wrote:
> Furthermore there's slapo-deref which seems to work. The client
> control can be used to retrieve all the 'uid' values in member
> entries. The NSS provider has to extract the 'uid' values from the
> response control value.
>
> See https://tools.ietf.org/html/draft-masarati-ldap-deref
Sadly, the Internet Draft expired without turning into an RFC. I also
can't find any documentation on slapo-deref, do you have any pointers?
Also, do you have any idea whether this is implemented by a significant
part of the LDAP servers out there (is it worth the effort to implement
this client-side)?
This was developed at the request of the Samba team, and some of those
developers also worked on SSSD, so it has already been implemented in
significant volumes.
There is also a memberof overlay that populates memberOf attributes
in
users. Would it be difficult to make a memberuid overlay that populates
memberUid attributes in the group?
That would be counterproductive.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/