Hi, I was an idiot... The only thing i have to do is just execute a simple ldap query. I was looking for a built-in solution because i solved it in OpenLDAP using overlays (after i spend a whole day to re-compile it with right options...). The ldap structure what i'm using corresponds to the example. I also configured an OpenDS server last night but its dynamic group implementation differs from OpenDLAP (OpenDS uses an isMemeberOf virtual attribute that implements the memberOf algorithm.) Anyway, i think this manual query solution is the best choice.
Thx a lot! On Sat, Aug 8, 2009 at 10:55 AM, Stefan Seelmann<[email protected]> wrote: > Denes Csepely wrote: >> Hi, >> i know what dynamic group means. "Technically" u mean i can't leverage it? :) >> > > You can. > > You just need to describe the criteria that matches the members. A > common pattern is to add an attribute to your group object containing an > LDAP URL including all search parameters. When performing that search > you get all the members. Please see [1] for detailed description. > > Some other servers (like OpenLDAP) allow it to resolve such an URL on > the server side and return a list of DNs. Depends on your needs. > > Kind Regards, > Stefan > > [1] > http://middleware.internet2.edu/dir/groups/docs/internet2-mace-dir-groups-best-practices-200210.htm > > >
