Commit 946e8591 authored by Howard Chu's avatar Howard Chu
Browse files

ITS#5145 autogroups, with minor cleanup

parent 8a622361
Copyright (C) 2007 Michał Szulczyński.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.
A copy of this license is available in file LICENSE in the
top-level directory of the distribution or, alternatively, at
http://www.OpenLDAP.org/license.html.
CPPFLAGS=-I../../../include -I../../../servers/slapd
#LDFLAGS=-L/usr/local/openldap/lib
#LDFLAGS=-L/home/mszulczynski/autogroup/openldap/lib/
CC=gcc
all: autogroup.so
autogroup.so: autogroup.c
$(CC) -shared -fPIC $(CPPFLAGS) $(LDFLAGS) -Wall -o $@ $?
clean:
rm autogroup.so
autogroup overlay Readme
DESCRIPTION
The autogroup overlay allows automated updates of group membership which
meet the requirements of any filter contained in the group. The filters
are build from the LDAP URI-valued attributes. Any time an object is
added/deleated/updated, it is tested for compilance with the filters,
and its membership is accordingly updated. For searches and compares
it behaves like a static group.
BUILDING
A Makefile is included.
CONFIGURATION
# dyngroup.schema:
The dyngroup schema must be modified, adding the 'member' attribute
to the MAY clause of the groupOfURLs object class, i.e.:
objectClass ( NetscapeLDAPobjectClass:33
NAME 'groupOfURLs'
SUP top STRUCTURAL
MUST cn
MAY ( memberURL $ businessCategory $ description $ o $ ou $
owner $ seeAlso $ member) )
# slapd.conf:
moduleload /path/to/autogroup.so
Loads the overlay (OpenLDAP must be build with --enable-modules).
overlay autogroup
This directive adds the autogroup overlay to the current database.
autogroup-attrset <group-oc> <URL-ad> <member-ad>
This configuration option is defined for the autogroup overlay.
It may have multiple occurrences, and it must appear after the
overlay directive.
The value <group-oc> is the name of the objectClass that represents
the group.
The value <URL-ad> is the name of the attributeDescription that
contains the URI that is converted to the filters. If no URI is
present, there will be no members in that group. It must be a subtype
of labeledURI.
The value <member-ad> is the name of the attributeDescription that
specifies the member attribute. User modification of this attribute
is disabled for consistency.
EXAMPLE
### slapd.conf
include /path/to/dyngroup.schema
# ...
moduleload /path/to/autogroup.so
# ...
database <database>
# ...
overlay autogroup
autogroup-attrset groupOfURLs memberURL member
### end slapd.conf
CAVEATS
As with static groups, update operations on groups with a large number
of members may be slow.
ACKNOWLEDGEMENTS
This module was written in 2007 by Michał Szulczyński.
This diff is collapsed.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment