Man Linux: Main Page and Category List

NAME

       slapo-memberof - Reverse Group Membership overlay to slapd

SYNOPSIS

       /etc/ldap/slapd.conf

DESCRIPTION

       The  memberof  overlay  to  slapd(8)  allows  automatic  reverse  group
       membership maintenance.  Any  time  a  group  entry  is  modified,  its
       members  are  modified  as appropriate in order to keep a DN-valued "is
       member of" attribute updated with the DN of the group.

CONFIGURATION

       The config directives that are specific to the memberof overlay must be
       prefixed  by  memberof-,  to  avoid potential conflicts with directives
       specific to the underlying database or to other stacked overlays.

       overlay memberof
              This  directive  adds  the  memberof  overlay  to  the   current
              database; see slapd.conf(5) for details.

       The  following  slapd.conf  configuration  options  are defined for the
       memberofoverlay.

       memberof-group-oc <group-oc>
              The value  <group-oc>  is  the  name  of  the  objectClass  that
              triggers  the  reverse  group membership update.  It defaults to
              groupOfNames.

       memberof-member-ad <member-ad>
              The value <member-ad> is the name of the attribute that contains
              the  names  of  the members in the group objects; it must be DN-
              valued.  It defaults to member.

       memberof-memberof-ad <memberof-ad>
              The value <memberof-ad>  is  the  name  of  the  attribute  that
              contains  the names of the groups an entry is member of; it must
              be DN-valued.  Its contents are  automatically  updated  by  the
              overlay.  It defaults to memberOf.

       memberof-dn <dn>
              The value <dn> contains the DN that is used as modifiersName for
              internal modifications performed to  update  the  reverse  group
              membership.   It  defaults  to  the  rootdn  of  the  underlying
              database.

       memberof-dangling {ignore, drop, error}
              This option determines the behavior of the overlay when,  during
              a  modification, it encounters dangling references.  The default
              is ignore, which may leave dangling references.   Other  options
              are  drop,  which discards those modifications that would result
              in dangling references, and error,  which  causes  modifications
              that would result in dangling references to fail.

       memberof-dangling-error <error-code>
              If   memberof-dangling  is  set  to  error,  this  configuration
              parameter can be used to modify the response  code  returned  in
              case  of  violation.  It defaults to "constraint violation", but
              other implementations are  known  to  return  "no  such  object"
              instead.

       memberof-refint {true|FALSE}
              This  option determines whether the overlay will try to preserve
              referential integrity or not.  If set to  TRUE,  when  an  entry
              containing  values  of the "is member of" attribute is modified,
              the corresponding groups are modified as well.

       The memberof overlay may be used with any backend  that  provides  full
       read-write  functionality, but it is mainly intended for use with local
       storage backends.

FILES

       /etc/ldap/slapd.conf
              default slapd configuration file

SEE ALSO

       slapd.conf(5),  slapd-config(5),   slapd(8).    The   slapo-memberof(5)
       overlay supports dynamic configuration via back-config.

ACKNOWLEDGEMENTS

       This  module  was  written  in  2005  by Pierangelo Masarati for SysNet
       s.n.c.