[Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2
Dmitri Pal
dpal at redhat.com
Fri Mar 22 12:04:08 UTC 2013
On 03/21/2013 09:04 AM, Jan-Frode Myklebust wrote:
> Serverdefault has a hack for supporting nested groups on
> RHEL5/apache-2.2 involving a ldap filter using
> LDAP_MATCHING_RULE_IN_CHAIN on Active Directory, ref:
>
> http://serverfault.com/a/424706
>
> Does anybody know if a similar filter can be created for an with
> IPA/389ds backend ?
In IPA/389 each user has a full list of the DNs of the groups he is a
member of.
Also the member attribute in the group is the list of DNs of all members
and member groups.
IPA/389 supports a dereference control.
But the question is: what are you trying to accomplish?
If you need to check whether the user is a member of the group it is a
simple search using member attribute as a filter.
>
>
> -jf
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list