1 autogroup overlay Readme
4 The autogroup overlay allows automated updates of group memberships which
5 meet the requirements of any filter contained in the group definition.
6 The filters are built from LDAP URI-valued attributes. Any time an object
7 is added/deleted/updated, it is tested for compliance with the filters,
8 and its membership is accordingly updated. For searches and compares
9 it behaves like a static group.
10 If the attribute part of the URI is filled, the group entry is populated
11 by the values of this attribute in the entries resulting from the search.
14 A Makefile is included.
18 The dyngroup schema must be modified, adding the 'member' attribute
19 to the MAY clause of the groupOfURLs object class, i.e.:
21 objectClass ( NetscapeLDAPobjectClass:33
25 MAY ( memberURL $ businessCategory $ description $ o $ ou $
26 owner $ seeAlso $ member) )
31 moduleload /path/to/autogroup.so
32 Loads the overlay (OpenLDAP must be built with --enable-modules).
35 This directive adds the autogroup overlay to the current database.
37 autogroup-attrset <group-oc> <URL-ad> <member-ad>
38 This configuration option is defined for the autogroup overlay.
39 It may have multiple occurrences, and it must appear after the
42 The value <group-oc> is the name of the objectClass that represents
45 The value <URL-ad> is the name of the attributeDescription that
46 contains the URI that is converted to the filters. If no URI is
47 present, there will be no members in that group. It must be a subtype
50 The value <member-ad> is the name of the attributeDescription that
51 specifies the member attribute. User modification of this attribute
52 is disabled for consistency.
54 autogroup-memberof-ad <memberof-ad>
55 This configuration option is defined for the autogroup overlay.
57 It defines the attribute that is used by the memberOf overlay
58 to store the names of groups that an entry is member of; it must be
59 DN-valued. It should be set to the same value as
60 memberof-memberof-ad. It defaults to 'memberOf'.
65 include /path/to/dyngroup.schema
67 moduleload /path/to/autogroup.so
74 autogroup-attrset groupOfURLs memberURL member
78 include /path/to/dyngroup.schema
80 moduleload /path/to/autogroup.so
81 moduleload /path/to/memberof.so
88 memberof-memberof-ad foo
91 autogroup-attrset groupOfURLs memberURL member
92 autogroup-memberof-ad foo
96 As with static groups, update operations on groups with a large number
97 of members may be slow.
98 If the attribute part of the URI is specified, modify and delete operations
99 are more difficult to handle. In these cases the overlay will try to detect
100 if groups have been modified and then simply refresh them. This can cause
101 performance hits if the search specified by the URI deals with a significant
105 This module was originally written in 2007 by Michał Szulczyński. Further
106 enhancements were contributed by Howard Chu, Raphael Ouazana,
107 Norbert Pueschel, and Christian Manal.
110 Copyright 1998-2014 The OpenLDAP Foundation.
111 Portions Copyright (C) 2007 Michał Szulczyński.
114 Redistribution and use in source and binary forms, with or without
115 modification, are permitted only as authorized by the OpenLDAP
118 A copy of this license is available in file LICENSE in the
119 top-level directory of the distribution or, alternatively, at
120 http://www.OpenLDAP.org/license.html.