On 03/21/2013 09:04 AM, Jan-Frode Myklebust wrote:
> Serverdefault has a hack for supporting nested groups on
> RHEL5/apache-2.2 involving a ldap filter using
> LDAP_MATCHING_RULE_IN_CHAIN on Active Directory, ref:
> Does anybody know if a similar filter can be created for an with
> IPA/389ds backend ?
In IPA/389 each user has a full list of the DNs of the groups he is a
Also the member attribute in the group is the list of DNs of all members
and member groups.
IPA/389 supports a dereference control.
But the question is: what are you trying to accomplish?
If you need to check whether the user is a member of the group it is a
simple search using member attribute as a filter.
> Freeipa-users mailing list
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list