1 .TH SLAPO-AUTOGROUP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
2 .\" Copyright 1998-2017 \[u00A9] The OpenLDAP Foundation, All Rights Reserved.
3 .\" Portions Copyright \[u00A9] 2007 Michał Szulczyński.
4 .\" Copying restrictions apply. See the COPYRIGHT file.
7 \FCslapo-autogroup\FT \- automatic updates of group memberships which meet the
8 requirements of any filter contained in the group definition.
12 \FCinclude ETCDIR/schema/dyngroup.schema\FT
14 \FCmoduleload autogroup.so\FT
18 \FCoverlay autogroup\FT
19 \FCautogroup-attrset groupOfURLs memberURL member\FT
25 allows automated updates of group memberships which meet the requirements
26 of any filter contained in the group definition. The filters are built from
27 LDAP URI-valued attributes. Any time an object is added/deleted/updated, it is
28 tested for compliance with the filters, and its membership is accordingly
29 updated. For searches and compares, it behaves like a static group.
30 If the attribute part of the URI is filled, the group entry is populated by
31 the values of this attribute in the entries resulting from the search.
34 .BR \FCslapd.conf\FT (5)
35 or the \FCcn=config\FT methodology of
36 .BR \FCslapd-config\FT (5)
37 may be used for configuring autogroup. Both syntaxes are provided
40 .B \FCautogroup-attrset\FT <group-oc> <URL-ad> <member-ad>
42 .B \FColcAGattrSet:\FT <group-oc> <URL-ad> <member-ad>
43 This defines the objectclass-attribute-URI mappings defining the
44 automatically managed groups, and may appear multiple times.
46 The value <group-oc> is the name of the objectClass that represents
49 The value <URL-ad> is the name of the attributeDescription that
50 contains the URI that is converted to the filters. If no URI is
51 present, there will be no members in that group. It must be a subtype
54 The value <member-ad> is the name of the attributeDescription that
55 specifies the member attribute. User modification of this attribute is
56 disabled for consistency.
58 .B \FCautogroup-memberof-ad\FT <memberof-ad>
60 .B \FColcAGmemberOfAd\FT <memberof-ad>
61 This defines the attribute that is used by the memberOf overlay to
62 store the names of groups that an entry is member of; it must be
63 DN-valued. It should be set to the same value as
64 memberof-memberof-ad. It defaults to 'memberOf'.
66 As above in SYNOPSIS, or with memberof:
69 \FCinclude ETCDIR/schema/dyngroup.schema\FT
70 \FCinclude ETCDIR/schema/memberof.schema\FT
72 \FCmoduleload autogroup.so\FT
73 \FCmoduleload memberof.so\FT
77 \FCoverlay memberof\FT
78 \FCmemberof-memberof-ad\FT foo
80 \FCoverlay autogroup\FT
81 \FCautogroup-attrset groupOfURLs memberURL member\FT
82 \FCautogroup-memberof-ad\FT foo
84 As with static groups, update operations on groups with a large number
85 of members may be slow. If the attribute part of the URI is specified,
86 modify and delete operations are more difficult to handle. In these
87 cases the overlay will try to detect if groups have been modified and
88 then simply refresh them. This can cause performance hits if the
89 search specified by the URI deals with a significant number of
92 This module was originally written in 2007 by Michał
93 Szulczyński. Further enhancements were contributed by Howard
94 Chu, Raphael Ouazana, Norbert Pueschel, and Christian Manal. Manpage
95 updates provided by Emily Backes.
100 Copyright \[u00A9] 1998-2017 The OpenLDAP Foundation.
101 Portions Copyright \[u00A9] 2007 Michał Szulczyński.
projects / openldap / blob