[389-users] dynamic group expansion: writing a patch...
Nathan Kinder
nkinder at redhat.com
Tue May 18 16:37:10 UTC 2010
On 05/18/2010 08:48 AM, Rich Megginson wrote:
> Roberto Polli wrote:
>
>> On Tuesday 18 May 2010 16:28:48 Rich Megginson wrote:
>>
>>
>>> ...I would start with the member of plugin code.
>>>
>>>
>> I'll take a look.
>>
>> do you think it will be better to extend memberof plugin or play directly into
>> the group entry
>>
>>
> not sure what you mean by "play directly into the group entry"
>
> You might be able to do this by extending the member of plugin. With
> dynamic groups, you will probably still want to have the member of
> functionality, and it should work with member of when using static
> groups too.
>
The difficult part is going to be making the memberOf plug-in work with
dynamic groups.
Is the idea to have the "member" attributes be virtual attributes that
are generated on the fly when a client performs a search for the group?
I'm not quite sure how this approach can be made to work with the
memberOf plug-in since it is triggered by write operations that affect
group membership.
> static group:
> cn=groupA,....
> objectclass: groupOfNames
> member: uid=foo,...<- static member - must add/delete manually
> member: uid=bar,...<- static member - must add/delete manually
>
> dynamic group:
> cn=groupB,...
> objectclass: groupOfDynNames<- need new objectclass that has both url
> specifier attribute and member attribute
> memberURL: ldap:///ou=people?sub?(ou=myorg)<- specifies which entries
> are members
> member: uid=foo,...<- dynamic member - plugin adds this
> member: uid=bar,...<- dynamic member - plugin adds this
>
> uid=foo,ou=people,...
> ou: myorg
> memberof: cn=groupA,....<- plugin adds this
> memberof: cn=groupB,....<- plugin adds this
>
>> thx+Peace,
>> R.
>>
>>
>>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list