Re: [exim] Ugly configuration with nested LDAP lookups (spac…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Patrick von der Hagen
Date:  
À: exim-users
Sujet: Re: [exim] Ugly configuration with nested LDAP lookups (space asdelimiter?)
On Thu, Apr 09, 2009 at 06:02:32PM +0200, Heiko Schlittermann wrote:
> Hi Phil,
>
> Phil Pennock <exim-users@???> (Do 09 Apr 2009 13:03:34 CEST):

[...]
> ...
> > After this, any update to the 'member' attribute of any object with
> > objectClass globnixGroup will automatically update the 'memberOf'
> > attributes of the corresponding objects.
> >
> > So by updating the equivalent to your mailgroups:
> >
> > >     dn: cn=edv,ou=mailgroups,o=org
> > >     mail: edv@???
> > >     member: cn=hans,ou=users,o=org  <- CN here, no mailbox
> > >     member: cn=paul,ou=users,o=org     ... or mail address

> >
> > the cn=hans,ou=users,o=org andcn=paul,ou=users,o=org entries would
> > automatically gain:
> > memberOf cn=edv,ou=mailgroups,o=org
> > as operational attributes (so you have to explicitly request them
> > (either by name or by requesting all operational attributes with +).
>
> This solution look pretty clever. I'll keep it in mind for a case where
> I can do more on the side of the directory service.

ADS has the concept of member/memberof for years. Longer than OpenLDAP
has overlays, IIRC.

It contains at least every "normal" groupmembership, but since ADS has
several slightly different group-types I am not sure wheter or not
memberOf contains all group-types.
--
CU,
Patrick.