[mdlug] anyone using ldap for a thunderbird address book?
Adam Tauno Williams
awilliam at whitemice.org
Tue Aug 14 08:47:18 EDT 2012
On Mon, 2012-08-13 at 22:54 -0400, Michael Corral wrote:
> 2012-08-13, Mr. Carl T. Miller wrote:
> > One of the guys at work is annoyed that openldap won't let
> > a group be a member of a group.
> That guy is wrong.
> There are several ways of doing it. In the posixGroup objectClass
> the member attribute can take another group as a value. It can also
> be done with the groupOfNames objectClass. And there's at least one
> other (but more complicated) way of doing it that uses ACLs. So it's
> not a problem on the OpenLDAP side. Whether all LDAP clients are
> capable of handling groups-within-groups properly is another matter.
There *IS* an LDAP client that supports nested groups??? I've never met
one [as an aside, I think nested groups are *horrible*; they seem very
clever but very quickly become impossible to manage.].
But probably the best way to do groups is to create dynamic objects;
that is how we do it. Then all objects matching the filter specified in
the labelledURI (spelling?) attribute are members of the group - versus
having to maintain the membership of the group manually. If you want
you can have a memberOf attribute in objects and assign them to the
group using a filter that uses memberOf; in many cases that is simpler
than managing group objects themselves.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://mdlug.org/pipermail/mdlug/attachments/20120814/89739291/attachment-0001.sig>
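The dynamic-group approach described in the message above, as an added example that is not part of the original post and is not OpenLDAP code: it resolves group membership by evaluating an LDAP URL's base, scope and filter against a small constructed directory. All DNs, the `GROUP_URL` value and the function names are assumptions made for illustration, and only a subset of filter syntax (`&`, `|`, `!`, equality, presence) is handled.

```python
from urllib.parse import unquote
OPS = "cn=ops,ou=groups,dc=example,dc=com"  # every DN here is constructed
DIRECTORY = {  # constructed sample entries: DN -> attributes
    "uid=alice,ou=people,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "memberOf": [OPS]},
    "uid=bob,ou=people,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "memberOf": []},
    "uid=backup,ou=services,dc=example,dc=com": {"objectClass": ["account"], "memberOf": [OPS]},
}
GROUP_URL = "ldap:///ou=people,dc=example,dc=com??sub?(&(objectClass=inetOrgPerson)(memberOf=%s))" % OPS

def parse_ldap_url(url):  # ldap://host/base?attrs?scope?filter -> (base, scope, filter)
    tail = url.split("://", 1)[1].partition("/")[2]
    base, _attrs, scope, flt = (unquote(p) for p in (tail.split("?") + [""] * 3)[:4])
    return base, scope or "base", flt or "(objectClass=*)"

def parse_filter(s, i=0):  # subset of RFC 4515: (&..) (|..) (!..) (attr=value) (attr=*)
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ")"
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, attrs):
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, value = node
    have = [v.lower() for k, vs in attrs.items() if k.lower() == attr for v in vs]
    return bool(have) if value == "*" else value.lower() in have

def in_scope(dn, base, scope):
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in ("base", "sub")
    if scope == "base" or not dn.endswith("," + base):
        return False
    return scope == "sub" or "," not in dn[: -len(base) - 1]  # "one": direct child only

def dynamic_members(url, directory=DIRECTORY):
    base, scope, flt = parse_ldap_url(url)
    tree = parse_filter(flt)[0]
    return [dn for dn, attrs in directory.items() if in_scope(dn, base, scope) and matches(tree, attrs)]
```

Because membership is computed from entry attributes at lookup time, write access to any attribute named in the filter amounts to write access to the group, so the ACLs on those attributes deserve the same care as the group entry itself.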