1 autogroup overlay Readme
4 The autogroup overlay allows automated updates of group memberships which
5 meet the requirements of any filter contained in the group definition.
6 The filters are built from LDAP URI-valued attributes. Any time an object
7 is added/deleted/updated, it is tested for compliance with the filters,
8 and its membership is accordingly updated. For searches and compares
9 it behaves like a static group.
12 A Makefile is included.
16 The dyngroup schema must be modified, adding the 'member' attribute
17 to the MAY clause of the groupOfURLs object class, i.e.:
19 objectClass ( NetscapeLDAPobjectClass:33
23 MAY ( memberURL $ businessCategory $ description $ o $ ou $
24 owner $ seeAlso $ member) )
29 moduleload /path/to/autogroup.so
30 Loads the overlay (OpenLDAP must be built with --enable-modules).
33 This directive adds the autogroup overlay to the current database.
35 autogroup-attrset <group-oc> <URL-ad> <member-ad>
36 This configuration option is defined for the autogroup overlay.
37 It may have multiple occurrences, and it must appear after the
40 The value <group-oc> is the name of the objectClass that represents
43 The value <URL-ad> is the name of the attributeDescription that
44 contains the URI that is converted to the filters. If no URI is
45 present, there will be no members in that group. It must be a subtype
48 The value <member-ad> is the name of the attributeDescription that
49 specifies the member attribute. User modification of this attribute
50 is disabled for consistency.
55 include /path/to/dyngroup.schema
57 moduleload /path/to/autogroup.so
64 autogroup-attrset groupOfURLs memberURL member
68 As with static groups, update operations on groups with a large number
69 of members may be slow.
72 This module was originally written in 2007 by Michał Szulczyński.
75 Copyright 1998-2009 The OpenLDAP Foundation.
76 Portions Copyright (C) 2007 Michał Szulczyński.
79 Redistribution and use in source and binary forms, with or without
80 modification, are permitted only as authorized by the OpenLDAP
83 A copy of this license is available in file LICENSE in the
84 top-level directory of the distribution or, alternatively, at
85 http://www.OpenLDAP.org/license.html.