On 14/06/2019 11:08, Daan Hoogland wrote:
H, I got passed loading users
Good !
and am facing the next point; the memberOf attribute. It is not supposed to be in ADS yet, and as per the latest comment in DIRSERVER-1844 <https://issues.apache.org/jira/browse/DIRSERVER-1844?focusedCommentId=16519598&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16519598> will probably not be implemented. Now I am testing against an embedded ADS and need yto operate on a variety of LDAP servers, so I want to have it anyway. Is there a way to hack it in? I looked at the stackoverflow question about this <https://stackoverflow.com/questions/11174835/add-memberof-attribute-to-apacheds> but after loading the extra schema the warning "Requested attribute memberOf does not exist in the schema, it will be ignored". I don't care for the overhead for now but really need to test this functionality.
So the whole idea of having the memberOf attribute implemented is to be able, to 'generate' it on the fly ie when searching for entries that are member of a 'groupOfNames' entry. A good description is given on https://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance
How to implement that in ApacheDS ? We would need to create a new Interceptor that acts upon a search operation by doing a search on entries containing the 'member' attribute with a DN associated to the entries being returned by the search. If we find some, then we create the 'memberOf' attribute and inject the group entry's DN into it.
That is not really complex, except that if you want it to have good performance, you need to add an index on the 'member' attribute.
It's a couple of days work, tests included. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
