SLAPO-MEMBEROF(5)	      File Formats Manual	     SLAPO-MEMBEROF(5)

NAME
       slapo-memberof - Reverse Group Membership overlay to slapd

SYNOPSIS
       /usr/local/etc/openldap/slapd.conf

DESCRIPTION
       The memberof overlay to slapd(8) allows automatic reverse group
       membership maintenance.  Any time a group entry is modified, its
       members are modified as appropriate in order to keep a DN-valued
       "is member of" attribute updated with the DN of the group.

       Note that the dynlist overlay can also provide this functionality and
       may be suitable for less demanding environments.

CONFIGURATION
       The config directives that are specific to the memberof overlay must be
       prefixed by memberof-, to avoid potential conflicts with directives
       specific to the underlying database or to other stacked overlays.

       overlay memberof
              This directive adds the memberof overlay to the current
              database; see slapd.conf(5) for details.

       The following slapd.conf configuration options are defined for the
       memberof overlay.

       memberof-group-oc <group-oc>
              The value <group-oc> is the name of the objectClass that
              triggers the reverse group membership update.  It defaults to
              groupOfNames.

       memberof-member-ad <member-ad>
              The value <member-ad> is the name of the attribute that contains
              the names of the members in the group objects; it must be
              DN-valued.  It defaults to member.

       memberof-memberof-ad <memberof-ad>
              The value <memberof-ad> is the name of the attribute that
              contains the names of the groups an entry is member of; it must
              be DN-valued.  Its contents are automatically updated by the
              overlay.  It defaults to memberOf.

       memberof-dn <dn>
              The value <dn> contains the DN that is used as modifiersName for
              internal modifications performed to update the reverse group
              membership.  It defaults to the rootdn of the underlying
              database.

       memberof-dangling {ignore, drop, error}
              This option determines the behavior of the overlay when, during
              a modification, it encounters dangling references.  The default
              is ignore, which may leave dangling references.  Other options
              are drop, which discards those modifications that would result
              in dangling references, and error, which causes modifications
              that would result in dangling references to fail.

       memberof-dangling-error <error-code>
              If memberof-dangling is set to error, this configuration
              parameter can be used to modify the response code returned in
              case of violation.  It defaults to "constraint violation", but
              other implementations are known to return "no such object"
              instead.

       memberof-refint {true|FALSE}
              This option determines whether the overlay will try to preserve
              referential integrity or not.  If set to TRUE, when an entry
              containing values of the "is member of" attribute is modified,
              the corresponding groups are modified as well.

       memberof-addcheck {true|FALSE}
              This option determines whether the overlay will check newly
              added entries for membership in any existing groups.  This check
              is useful if populated groups are created in the directory
              before the entries they reference.  The situation often occurs
              during replication, which may replicate entries in random order.
              If set to TRUE, every Add operation will search for groups
              referencing the added entry and populate its memberof attribute
              with the group DNs.  Note that memberof-dangling must be left on
              its default setting of ignore for this option to work.

       The memberof overlay may be used with any backend that provides full
       read-write functionality, but it is mainly intended for use with local
       storage backends.  The maintenance operations it performs are internal
       to the server on which the overlay is configured and are never
       replicated.  Consumer servers should be configured with their own
       instances of the memberOf overlay if it is desired to maintain these
       memberOf attributes on the consumers.  Consumers must also be
       configured to exclude the memberof attribute from replication.  (See
       the exattrs option in the consumer configuration.)
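
       The following provider/consumer pair is an added example, not part of
       the original manual page.  It shows the directives above together with
       the replication requirement: each server runs its own overlay instance
       and the consumer excludes memberOf from syncrepl.  The suffix, host
       name, DNs, mdb backend, directory path and the credentials placeholder
       are assumptions.

```conf
# --- provider: slapd.conf fragment (constructed example) ---
# moduleload is needed only when the overlay is built as a dynamic module;
# a matching modulepath may also be required.
moduleload      memberof

database        mdb
suffix          "dc=example,dc=org"
rootdn          "cn=admin,dc=example,dc=org"
directory       /var/db/openldap-data

overlay                 memberof
# The next three lines restate the documented defaults explicitly.
memberof-group-oc       groupOfNames
memberof-member-ad      member
memberof-memberof-ad    memberOf
# memberof-addcheck only works while memberof-dangling stays at ignore.
memberof-dangling       ignore
memberof-addcheck       TRUE
# Propagate edits of an entry's memberOf values back to the groups.
memberof-refint         TRUE

# --- consumer: slapd.conf fragment (constructed example) ---
moduleload      memberof

database        mdb
suffix          "dc=example,dc=org"
rootdn          "cn=admin,dc=example,dc=org"
directory       /var/db/openldap-data

# exattrs=memberOf keeps the provider's locally maintained values out of
# the replicated entries; the consumer's own overlay rebuilds them.
syncrepl rid=001
        provider=ldaps://provider.example.org
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=example,dc=org"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=org"
        credentials="REPLACE_ME"
        exattrs=memberOf

overlay                 memberof
# Groups can arrive before their members during replication, so check
# each added entry against existing groups.
memberof-dangling       ignore
memberof-addcheck       TRUE
```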

FILES
       /usr/local/etc/openldap/slapd.conf
	      default slapd configuration file

BACKWARD COMPATIBILITY
       The memberof overlay has been reworked with the 2.5 release to use a
       consistent namespace as with other overlays.  As a side-effect the
       following cn=config parameters are deprecated and will be removed in a
       future release: olcMemberOf is replaced with olcMemberOfConfig.

SEE ALSO
       slapo-dynlist(5), slapd.conf(5), slapd-config(5), slapd(8).  The
       slapo-memberof(5) overlay supports dynamic configuration via
       back-config.

ACKNOWLEDGEMENTS
       This module was written in 2005 by Pierangelo Masarati for SysNet
       s.n.c.

OpenLDAP 2.6.9			  2024/11/26		     SLAPO-MEMBEROF(5)
