The memberOf attribute is actually common to several LDAP servers, although the attribute goes by a different name in each. It is available in AD, IBM's LDAP server, Novell eDirectory, and others.
This is a very important feature because it allows users to announce membership to applications at login and from a performance perspective, it can make a huge difference. Instead of searching all groups to determine whether or not a user has membership, applications can simply check the memberOf attribute. WebSphere Portal, for example, recommends this approach for improving login times when configuring the portal server to authenticate against LDAP.

Please consider this a vote in favor of the feature.

Cody Burleson
Burleson Technology Group
Mobile: (214) 537-8783
Skype: codyburleson

On Mon, Mar 8, 2010 at 8:51 AM, Martin Schuster (IFKL IT OS DSM CD) <[email protected]> wrote:

> Linus van Geuns wrote:
> > [...]
> > I guess, your web app was designed for M$ Active Directory, as it
> > stores group memberships in the groups object AND in the users object
> > using 'memberOf' attribute.
> >
> > Standard LDAP only stores group membership in the group objects.
> > [...]
> I'm working with a SunDS (modified Novell LDAP server afaik), and it
> also has this feature, i.e. if you have a group
>
> dn: cn=goodguys,dc=example,dc=com
> uniqueMember: uid=superman,ou=people,dc=example,dc=com
>
> then the entry for this user will automatically have a correct
> "isMemberOf" attribute
>
> dn: uid=superman,ou=people,dc=example,dc=com
> isMemberOf: cn=goodguys,dc=example,dc=com
>
> If ApacheDS doesn't have this feature, it would be nice to have :)
>
> br,
> --
> Infineon Technologies IT-Services GmbH    [email protected]
> Lakeside B05, 9020 Klagenfurt, Austria    Martin Schuster
> FB: LG Klagenfurt, FN 246787y             +43 5 1777 3517
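
The two membership checks contrasted in this thread, as an added Python example that is not part of the original messages and is not ApacheDS or SunDS code: a forward scan of every group's uniqueMember values, the isMemberOf back-links derived from the same data, and an audit for back-links that no longer match the group entries. The data is constructed from the quoted entries; `cn=pilots`, `uid=lois`, the function names, and the simplified case-insensitive DN normalisation are assumptions.

```python
# Constructed sample data modelled on the entries quoted in the thread;
# cn=pilots and uid=lois are hypothetical additions.
GROUPS = {
    "cn=goodguys,dc=example,dc=com": ["uid=superman,ou=people,dc=example,dc=com"],
    "cn=pilots,dc=example,dc=com": [
        "UID=Superman, OU=People, DC=Example, DC=com",  # same DN, different spelling
        "uid=lois,ou=people,dc=example,dc=com",
    ],
}


def norm_dn(dn):
    """Simplified DN normalisation; assumes no escaped commas or multi-valued RDNs."""
    return ",".join(
        "=".join(part.strip().lower() for part in rdn.split("=", 1))
        for rdn in dn.split(",")
    )


def groups_by_search(user_dn, groups):
    """Forward lookup: scan uniqueMember on every group. Returns (groups, values compared)."""
    target, found, compared = norm_dn(user_dn), set(), 0
    for group_dn, members in groups.items():
        for member in members:
            compared += 1
            if norm_dn(member) == target:
                found.add(norm_dn(group_dn))
    return found, compared


def build_is_member_of(groups):
    """Derive the isMemberOf back-links a server would maintain from uniqueMember."""
    index = {}
    for group_dn, members in groups.items():
        for member in members:
            index.setdefault(norm_dn(member), set()).add(norm_dn(group_dn))
    return index


def stale_backlinks(index, groups):
    """Audit: back-links claiming a membership the group entry no longer lists."""
    current = build_is_member_of(groups)
    return {
        (user, group)
        for user, claimed in index.items()
        for group in claimed - current.get(user, set())
    }
```

The forward scan touches every member value in the directory, while the back-link lookup is a single read of the user's entry. An application that bases authorization on the back-link depends on the server keeping it in step with the group entries, which is what `stale_backlinks` checks.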
