On Thu, Apr 09, 2009 at 06:02:32PM +0200, Heiko Schlittermann wrote:
> Hi Phil,
>
> Phil Pennock <exim-users@???> (Do 09 Apr 2009 13:03:34 CEST):
[...]
> ...
> > After this, any update to the 'member' attribute of any object with
> > objectClass globnixGroup will automatically update the 'memberOf'
> > attributes of the corresponding objects.
> >
> > So by updating the equivalent to your mailgroups:
> >
> > > dn: cn=edv,ou=mailgroups,o=org
> > > mail: edv@???
> > > member: cn=hans,ou=users,o=org <- CN here, no mailbox
> > > member: cn=paul,ou=users,o=org ... or mail address
> >
> > the cn=hans,ou=users,o=org andcn=paul,ou=users,o=org entries would
> > automatically gain:
> > memberOf cn=edv,ou=mailgroups,o=org
> > as operational attributes (so you have to explicitly request them
> > (either by name or by requesting all operational attributes with +).
>
> This solution look pretty clever. I'll keep it in mind for a case where
> I can do more on the side of the directory service.
ADS has the concept of member/memberof for years. Longer than OpenLDAP
has overlays, IIRC.
It contains at least every "normal" groupmembership, but since ADS has
several slightly different group-types I am not sure wheter or not
memberOf contains all group-types.
--
CU,
Patrick.
