Alceu Rodrigues de Freitas Junior wrote:
> I guess I failed to express myself properly.
>
> I do know memberOf is not a requirement: regular exporting data from
> /etc/passwd, /etc/shadow and /etc/group as LDIF files are working as expected.
>
> But wouldn't it be a better option to use it instead of handling data in
> multiple places (users and groups) instead of just the groups entries in the
> tree?

The PAM/NSS functions for interacting with LDAP already know how to efficiently check membership of a user in a group, without using the memberOf attribute. To check if a user is a member of a specific group, one merely needs to do an LDAP Compare on the group, against member:<user>. To see all members of a group, one just needs to retrieve the group entry. The memberOf attribute has zero relevance here.

>
> At least this is my understanding regarding the usefulness of memberOf. Not
> sure either if that would become a performance issue.
>
> On 20/08/2022 19:02, Howard Chu wrote:
>
>>
>> You don't need memberOf to maintain /etc/group info in LDAP.
>>
>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
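
The two lookups described in the reply above (an LDAP Compare on the group entry, and reading the group entry to list members), as an added shell example that is not part of the original message or of OpenLDAP itself. It assumes the OpenLDAP client tools, an anonymous simple bind, a placeholder server URI and DN-valued `member` attributes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: group membership checks that use only the group entry.
# Assumptions (not from the original message): the default server URI,
# anonymous simple bind (-x), and DN-valued "member" values.

LDAP_URI="${LDAP_URI:-ldap://localhost}"

# is_group_member GROUP_DN USER_DN [ATTR]
# Returns 0 if the user is a member, 1 if not, 2 if the lookup failed.
# ldapcompare exits 6 for compareTrue and 5 for compareFalse; any other
# status (server down, no such group, access denied) is an error and must
# not be read as "not a member" by an access decision.
is_group_member() {
    group_dn=$1
    user_dn=$2
    attr=${3:-member}
    rc=0
    ldapcompare -x -H "$LDAP_URI" "$group_dn" "${attr}:${user_dn}" \
        >/dev/null 2>&1 || rc=$?
    case $rc in
        6) return 0 ;;
        5) return 1 ;;
        *) return 2 ;;
    esac
}

# group_members GROUP_DN [ATTR]
# Prints one member value per line by retrieving the group entry itself
# (base-scope search, no memberOf involved). Values the server returns
# base64-encoded ("attr:: ...") are skipped by this simple filter.
group_members() {
    group_dn=$1
    attr=${2:-member}
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" \
        -b "$group_dn" -s base '(objectClass=*)' "$attr" |
        sed -n "s/^${attr}: //p"
}

# Usage (constructed DNs):
#   is_group_member "cn=admins,ou=groups,dc=example,dc=com" \
#                   "uid=alice,ou=people,dc=example,dc=com"
#   group_members   "cn=admins,ou=groups,dc=example,dc=com"
```
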
