On 05/04/2019 16:33, Clément OUDOT wrote:
Le 05/04/2019 à 10:36, Olivier - a écrit :
> Hi all,
> I'm testing static group and dynamic group.
> * Dynmaic group : is it possible to do reverse search in dynamic
> group ? I reead something about the "ismemberof" attribute and
> /ds-virtual-static-group/. But i'm not sure we can do it with
Not with dynlist overlay, but you could try autogroup overlay with
memberof overlay. The autogroup overlay will build static groups
trough a memberUrl.
> * Static group seems to be fine for me. I have a newbie's question :
> can we have , for example, the mail attribute of all members of
> service Y in only one request ?
> I mean : make a request on service Y to have member's list and ,
> in the same action , have the member's mail.
You could do it by using the "deref" search extended control.
Clément Oudot | Identity Solutions Manager
I have implemented a setup like that ("autogroup" and "memberof"
overlay, modified dynlist schema to include "member" attribute).
Everything is working, except for the memberOf attribute in combination
with autogroup and a groupOfURLs.
E.g. I can list all the members of an autogroup fine if I search for the
group, but if I request the memberOf for a certain uid, only the
non-autogroup groups are returned.
According to the bits of documentation I could find, everything should
be setup correctly, but the memberOf is never set for autogroups.
From #openldap I got the information that this should be working,
theoretically, ... see this thread, which describes exactly my use case
with the same problems surfacing:
Any insights on this?