On 03/21/2013 09:04 AM, Jan-Frode Myklebust wrote: > Serverdefault has a hack for supporting nested groups on > RHEL5/apache-2.2 involving a ldap filter using > LDAP_MATCHING_RULE_IN_CHAIN on Active Directory, ref: > > http://serverfault.com/a/424706 > > Does anybody know if a similar filter can be created for an with > IPA/389ds backend ?
In IPA/389 each user has a full list of the DNs of the groups he is a member of. Also the member attribute in the group is the list of DNs of all members and member groups. IPA/389 supports a dereference control. But the question is: what are you trying to accomplish? If you need to check whether the user is a member of the group it is a simple search using member attribute as a filter. > > > -jf > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
