Nathan Kinder wrote:
On 05/18/2010 08:48 AM, Rich Megginson wrote:
> Roberto Polli wrote:
>
>
>> On Tuesday 18 May 2010 16:28:48 Rich Megginson wrote:
>>
>>
>>
>>> ...I would start with the member of plugin code.
>>>
>>>
>>>
>> I'll take a look.
>>
>> do you think it will be better to extend memberof plugin or play directly into
>> the group entry
>>
>>
>>
> not sure what you mean by "play directly into the group entry"
>
> You might be able to do this by extending the member of plugin. With
> dynamic groups, you will probably still want to have the member of
> functionality, and it should work with member of when using static
> groups too.
>
>
The difficult part is going to be making the memberOf plug-in work with
dynamic groups.
Is the idea to have the "member" attributes be virtual attributes that
are generated on the fly when a client performs a search for the group?
That might work, as long as you don't have to support searches in
dynamic group entries like (member=someUserDN)
I'm not quite sure how this approach can be made to work with the
memberOf plug-in since it is triggered by write operations that affect
group membership.
However it works, it should work with memberof and generate memberof
attributes in user entries, whether the group is static or dynamic.
I suppose it would work a little like persistent search - on every
update operation (not just group updates, but all updates), it would
have to scan every dynamic group entry, looking at the pre-update entry
and the post-update entry. If the pre-update entry does not match the
dynamic group definition, but the post-update entry does match the
dynamic group definition, then you add the DN of that entry to the
member attribute in the group entry. If the pre-update matches but not
the post-update, you have to remove the member.
> static group:
> cn=groupA,....
> objectclass: groupOfNames
> member: uid=foo,...<- static member - must add/delete manually
> member: uid=bar,...<- static member - must add/delete manually
>
> dynamic group:
> cn=groupB,...
> objectclass: groupOfDynNames<- need new objectclass that has both url
> specifier attribute and member attribute
> memberURL: ldap:///ou=people?sub?(ou=myorg)<- specifies which entries
> are members
> member: uid=foo,...<- dynamic member - plugin adds this
> member: uid=bar,...<- dynamic member - plugin adds this
>
> uid=foo,ou=people,...
> ou: myorg
> memberof: cn=groupA,....<- plugin adds this
> memberof: cn=groupB,....<- plugin adds this
>
>
>> thx+Peace,
>> R.
>>
>>
>>
>>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users