1autogroup overlay Readme 2 3DESCRIPTION 4 The autogroup overlay allows automated updates of group memberships which 5 meet the requirements of any filter contained in the group definition. 6 The filters are built from LDAP URI-valued attributes. Any time an object 7 is added/deleted/updated, it is tested for compliance with the filters, 8 and its membership is accordingly updated. For searches and compares 9 it behaves like a static group. 10 11BUILDING 12 A Makefile is included. 13 14CONFIGURATION 15 # dyngroup.schema: 16 The dyngroup schema must be modified, adding the 'member' attribute 17 to the MAY clause of the groupOfURLs object class, i.e.: 18 19 objectClass ( NetscapeLDAPobjectClass:33 20 NAME 'groupOfURLs' 21 SUP top STRUCTURAL 22 MUST cn 23 MAY ( memberURL $ businessCategory $ description $ o $ ou $ 24 owner $ seeAlso $ member) ) 25 26 27 # slapd.conf: 28 29 moduleload /path/to/autogroup.so 30 Loads the overlay (OpenLDAP must be built with --enable-modules). 31 32 overlay autogroup 33 This directive adds the autogroup overlay to the current database. 34 35 autogroup-attrset <group-oc> <URL-ad> <member-ad> 36 This configuration option is defined for the autogroup overlay. 37 It may have multiple occurrences, and it must appear after the 38 overlay directive. 39 40 The value <group-oc> is the name of the objectClass that represents 41 the group. 42 43 The value <URL-ad> is the name of the attributeDescription that 44 contains the URI that is converted to the filters. If no URI is 45 present, there will be no members in that group. It must be a subtype 46 of labeledURI. 47 48 The value <member-ad> is the name of the attributeDescription that 49 specifies the member attribute. User modification of this attribute 50 is disabled for consistency. 51 52 53EXAMPLE 54 ### slapd.conf 55 include /path/to/dyngroup.schema 56 # ... 57 moduleload /path/to/autogroup.so 58 # ... 59 60 database <database> 61 # ... 62 63 overlay autogroup 64 autogroup-attrset groupOfURLs memberURL member 65 ### end slapd.conf 66 67CAVEATS 68 As with static groups, update operations on groups with a large number 69 of members may be slow. 70 71ACKNOWLEDGEMENTS 72 This module was originally written in 2007 by Michał Szulczyński. 73 74--- 75Copyright 1998-2010 The OpenLDAP Foundation. 76Portions Copyright (C) 2007 Michał Szulczyński. 77All rights reserved. 78 79Redistribution and use in source and binary forms, with or without 80modification, are permitted only as authorized by the OpenLDAP 81Public License. 82 83A copy of this license is available in file LICENSE in the 84top-level directory of the distribution or, alternatively, at 85http://www.OpenLDAP.org/license.html. 86