SLAPO-MEMBEROF(5) File Formats Manual SLAPO-MEMBEROF(5)
NAME
slapo-memberof - Reverse Group Membership overlay to slapd
SYNOPSIS
/etc/openldap/slapd.conf
DESCRIPTION
The memberof overlay to slapd(8) allows automatic reverse group membership maintenance. Any time a group entry is modified, its members
are modified as appropriate in order to keep a DN-valued "is member of" attribute updated with the DN of the group.
CONFIGURATION
The config directives that are specific to the memberof overlay must be prefixed by memberof-, to avoid potential conflicts with directives
specific to the underlying database or to other stacked overlays.
overlay memberof
This directive adds the memberof overlay to the current database; see slapd.conf(5) for details.
The following slapd.conf configuration options are defined for the memberofoverlay.
memberof-group-oc <group-oc>
The value <group-oc> is the name of the objectClass that triggers the reverse group membership update. It defaults to groupOfNames.
memberof-member-ad <member-ad>
The value <member-ad> is the name of the attribute that contains the names of the members in the group objects; it must be DN-val-
ued. It defaults to member.
memberof-memberof-ad <memberof-ad>
The value <memberof-ad> is the name of the attribute that contains the names of the groups an entry is member of; it must be DN-val-
ued. Its contents are automatically updated by the overlay. It defaults to memberOf.
memberof-dn <dn>
The value <dn> contains the DN that is used as modifiersName for internal modifications performed to update the reverse group mem-
bership. It defaults to the rootdn of the underlying database.
memberof-dangling {ignore, drop, error}
This option determines the behavior of the overlay when, during a modification, it encounters dangling references. The default is
ignore, which may leave dangling references. Other options are drop, which discards those modifications that would result in dan-
gling references, and error, which causes modifications that would result in dangling references to fail.
memberof-dangling-error <error-code>
If memberof-dangling is set to error, this configuration parameter can be used to modify the response code returned in case of vio-
lation. It defaults to "constraint violation", but other implementations are known to return "no such object" instead.
memberof-refint {true|FALSE}
This option determines whether the overlay will try to preserve referential integrity or not. If set to TRUE, when an entry con-
taining values of the "is member of" attribute is modified, the corresponding groups are modified as well.
The memberof overlay may be used with any backend that provides full read-write functionality, but it is mainly intended for use with local
storage backends.
FILES
/etc/openldap/slapd.conf
default slapd configuration file
SEE ALSO
slapd.conf(5), slapd-config(5), slapd(8). The slapo-memberof(5) overlay supports dynamic configuration via back-config.
ACKNOWLEDGEMENTS
This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c.
OpenLDAP 2.4.21 2009/12/20 SLAPO-MEMBEROF(5)