Denes Csepely wrote: > Hi, > i know what dynamic group means. "Technically" u mean i can't leverage it? :) >
You can. You just need to describe the criteria that matches the members. A common pattern is to add an attribute to your group object containing an LDAP URL including all search parameters. When performing that search you get all the members. Please see [1] for detailed description. Some other servers (like OpenLDAP) allow it to resolve such an URL on the server side and return a list of DNs. Depends on your needs. Kind Regards, Stefan [1] http://middleware.internet2.edu/dir/groups/docs/internet2-mace-dir-groups-best-practices-200210.htm
