In Active Directory, the "memberOf" attribute is a "calculated" attribute. If you use a global catalog, you would need to actually set it up to populate there. I don't know if ApacheDS has calculated attributes or not. To simulate AD, I've added the memberOf to the appropriate object class (can't remember off the top of my head but could look it up if needed) and I manually populate it for testing.
Mike -----Original Message----- From: Martin Schuster (IFKL IT OS DSM CD) [mailto:[email protected]] Sent: Monday, March 08, 2010 8:51 AM To: [email protected] Cc: [email protected] Subject: Re: memberOf attribute Linus van Geuns wrote: > [...] > I guess, your web app was designed for M$ Active Directory, as it > stores group memberships in the groups object AND in the users object > using 'memberOf' attribute. > > Standard LDAP only stores group membership in the group objects. > [...] I'm working with a SunDS (modified Novell LDAP server afaik), and it also has this feature, i.e. if you have a group dn: cn=goodguys,dc=example,dc=com uniqueMember: uid=superman,ou=people,dc=example,dc=com then the entry for this user will automatically have a correct "isMemberOf" attribute dn: uid=superman,ou=people,dc=example,dc=com isMemberOf: cn=goodguys,dc=example,dc=com If ApacheDS doesn't have this feature, it would be nice to have :) br, -- Infineon Technologies IT-Services GmbH [email protected] Lakeside B05, 9020 Klagenfurt, Austria Martin Schuster FB: LG Klagenfurt, FN 246787y +43 5 1777 3517 --------------------------------------------------------------------------------------------------------- This e-mail message may contain privileged and/or confidential information, and is intended to be received only by persons entitled to receive such information. If you have received this e-mail in error, please notify the sender immediately. Please delete it and all attachments from any servers, hard drives or any other media. Other use of this e-mail by you is strictly prohibited. All e-mails and attachments sent and received are subject to monitoring, reading and archival by Monsanto, including its subsidiaries. The recipient of this e-mail is solely responsible for checking for the presence of "Viruses" or other "Malware". Monsanto, along with its subsidiaries, accepts no liability for any damage caused by any such code transmitted by or accompanying this e-mail or any attachment. ---------------------------------------------------------------------------------------------------------
