Le Sat, 21 Nov 2015 20:51:30 -0800, Quanah Gibson-Mount <[email protected]> a écrit :
> --On Sunday, November 22, 2015 12:20 AM +0100 "M. P." > <[email protected]> wrote: > > > Le 2015-11-21 19:59, Quanah Gibson-Mount a écrit : > >> --On Friday, November 20, 2015 2:59 PM +0100 "M. P." > >> <[email protected]> wrote: > >> > >>> I want to permit a "two way" group membership management, something > >>> more > >>> flexible. First by adding members to groups objects and the other way > >>> by > >>> adding groups to users objects. I dont know if it is clear enough and > >>> if > >>> it is doable like this. But I try. > >> > >> Why not use dynamic groups? > > > > I'm not sure how dynamic groups could help me here. > > You just define groups based off an attribute in the user entry. Thus it > is a single write op to update the membership for a given user, and the > change in user membership is instant. If you do it sanely, you can > trivially determine what groups a user belongs to by looking at the entry, > and as long as the ldap client is using ldapcompare etc properly for group > membership checks, it appears just like any "static" ldap group to the > client. It is not exactly what I'm looking for but I'll certainly use dynamic groups later for something else. To make it clearer, I have 2 users, userA and userB, and a group, groupA. If I add a user by his dn uid=userA,ou... to cn=groupA, slapo-memberof will add to userA an attribute isMemberOf=cn=groupA,ou... (isMemberOf is a modifiable replacement for memberOf in my case). What I want to make work is when I add an attribute isMemberOf=cn=groupA to userB, then in cn=groupA I want to see an attibute member=uid=userB,ou... . Then if for any reason I want to delete the group membership by removing member=uid=userB,ou... from cn=groupA, it should remove the attribute isMemberOf=cn=GroupA,ou... from uid=userB,ou... > > You can even use the memberOf attribute for creating the dynamic groups. The memberof attribute is a readonly attribute. How could it be modified ? > > > --Quanah > > > -- > > Quanah Gibson-Mount > Platform Architect > Zimbra, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > >
