Interesting how this question is hitting a number of different mailing lists…

Here’s an edited extract of an email I sent yesterday on the OpenDJ mailing list:

The memberOf attribute name was used by Microsoft Active Directory with a
specific semantic. There is no LDAP representation of the attribute definition, 
but details, including OID, can be found here: 
<https://msdn.microsoft.com/en-us/library/ms677099(v=vs.85).aspx>. 
It was also used by a Sun product (Delegated Administration) with another 
definition and semantic. 

This is why we chose in Sun Directory Server, OpenDS and now OpenDJ to have a 
properly defined attribute with a different name: isMemberOf, operational and 
read-only.

My 2 cents,

Ludo


-- 
Ludovic Poitou
http://ludopoitou.com


From: Michael Ströder <[email protected]>
Reply: Michael Ströder <[email protected]>
Date: 27 Apr 2015 at 22:43:41
To: Andrew Findlay <[email protected]>
Cc: [email protected] <[email protected]>
Subject:  Re: Ldap challenge  

Andrew Findlay wrote:  
> On Mon, Apr 27, 2015 at 06:27:39PM +0000, Ross, Daniel B. wrote:  
>  
>> ismemberof does not exist we have to use memberof  
>  
> Memberof is fairly common. I don't think I have ever found a system  
> that used 'ismemberof'.  

'isMemberOf' is used on Sun/Oracle DSSE, Netscape/Fedora/389-DS and 
OpenDS/OpenDJ.  

'memberOf' was originally defined in MS Active Directory and is used as  
default in slapo-memberof. It's configurable though.  

Ciao, Michael.  
