https://bugs.openldap.org/show_bug.cgi?id=9402
--- Comment #1 from Howard Chu <[email protected]> --- (In reply to Vincent Danjean from comment #0) > Hi, > > The memberof overlay add support for memberOf attributes. But, when using > nested groups, user group membership must be handled on each ldap client. > The current implementation allows one to only retrieve direct group > ownership. Nested group membership must be done by client recursive lookup. > > Microsoft Active Directory provides a way to do the recursive lookup at > server side: https://ldapwiki.com/wiki/LDAP_MATCHING_RULE_IN_CHAIN > It would be really useful if openldap (slapd) was also able to do the same. > > Regards, > Vincent > > PS: I set the component to overlays in this bugs report, but I'm not sure it > should be implemented into the overlays memberof itself. Based on the description you linked, it looks like this provides the same functionality as the dnSubtreeMatch extended matching rule in OpenLDAP. I don't see much reason to add this M$-specific extension. -- You are receiving this mail because: You are on the CC list for the issue.
