Hi,
I realise the documentation for slapo-memberof indicate that this isn't possible, but I thought it worthwhile asking here anyway — is it possible to use the memberOf overlay with groups that use memberUid as their membership attributes, rather than user DNs?
We have a large existing LDAP database that has thousands of groups like this, and would very much like to use slapo-memberof.
Any pointers (positive or negative) much appreciated — just so I know for definite.
—Oliver
On Thu, 31 Mar 2011 16:08:54 +0300 Oliver Beattie oliver@obeattie.com wrote:
Hi,
I realise the documentation for slapo-memberof indicate that this isn't possible, but I thought it worthwhile asking here anyway — is it possible to use the memberOf overlay with groups that use memberUid as their membership attributes, rather than user DNs?
We have a large existing LDAP database that has thousands of groups like this, and would very much like to use slapo-memberof.
Any pointers (positive or negative) much appreciated — just so I know for definite.
—Oliver
Hi, Oliver!
memberOf can only be used with DN-valued attributes in the group objects. But you may think about your user entries as a "lists" and use an excelent Dynamic Lists overlay to search group objects, which have the memberUid attribute equal to uid of your member object. But then you have to insert into each user account the labeledURI attribute with search request like this: ldap:///ou=groups,dc=domain,dc=com??sub?(&(objectClass=posixGroup)(memberUid=MYUID))/ This would be work but in a large directory it may dramatically decrease overall performance.
openldap-technical@openldap.org