samba4 and memberOf
andreas.moroder at sb-brixen.it
Tue Jun 9 06:58:43 GMT 2009
While not currently an issue, Samba4 will need to improve it's handling
of the member/memberOf linked attributes. Handling these with a
transaction in Samba4 is fine, but if the backend server does not
support transactions, then the update is presumably racy.
Ideally, these would be calculated in the backend."
I hope I understand the issue right. What is needed is a list of all the
groups the user is member of as attributes of the user
ldapsearch -x uid=amoroder
displayName: andreas moroder
memberOf: cn=Print Operators,ou=groups,dc=sb-brixen,dc=it
If this is needed, then I think we have a solution that has no
consistency problems. We commisioned a company to write a GPLed overlay
for openldap that returns the attributes creating them dinamicaly from
the gidNumber and the memberUID attributes of the groups.
The only drawback is, that it is not possible to use this field as a
e.g. ldapsearch -x memberOf=cn=medinfo,ou=groups,dc=sb-brixen,dc=it
does not work. Probably becaue the filtering happens before the
attribute is created.
If these is what is needed then I can post the source.
More information about the samba-technical