HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

objectClass: groupofurls
cn: dynamic group
description: Example dynamic group
memberURL: ldap:///dc=example,dc=com??sub?(&(objectclass=person)(cn=*sen*))
5.4.4 Using the memberOf Attribute to manage group membership information
The entries that belong to a group are defined, in some way, in the group entry itself. This makes
it very easy to look at a group and see its members and to manage group membership centrally.
However, there is no good way to find out what groups a single user belongs to. There is nothing
in a user entry that indicates its memberships, as there is with roles.
The MemberOf Plug-in correlates group membership lists to the corresponding user entries. An
instance of the MemberOf Plug-in analyzes the member attribute (by default, member) in a group
entry and automatically writes a corresponding memberOf attribute in the member's entry. As
membership changes, the plug-in updates the memberOf attributes on the user entries. The
MemberOf Plug-in provides a way to view the groups to which a user belongs simply by looking
at the entry, including nested group membership. It can be very difficult to backtrack memberships
through nested groups, but the MemberOf Plug-in shows memberships for all groups, direct and
indirect.
IMPORTANT:
The memberOf attributes for user entries should not be replicated. Make sure that the memberOf
attribute is excluded from replication in the replication agreement. (Fractional replication is described
in “Replicating attributes with fractional replication” (page 319).)
Each server must maintain its own MemberOf Plug-in independently. To make sure that the
memberOf attributes for entries are the same across servers, configure the MemberOf Plug-in
identically on all servers.
The MemberOf Plug-in manages member attributes for static groups, not dynamic groups or circular
groups.
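The following is an added example, not code from this guide or from the product: an offline consistency check that recomputes the expected memberOf values from static group entries, following nested groups, and reports user entries whose stored memberOf is missing a group or carries one that no group entry backs. All DNs and entry data are constructed, the function names are hypothetical, and comparing DNs by lowercasing is a simplifying assumption.

```python
# Added example. All DNs and entry data below are constructed sample values.
ADMINS = "cn=admins,ou=groups,dc=example,dc=com"
OPS = "cn=ops,ou=groups,dc=example,dc=com"
STAFF = "cn=staff,ou=groups,dc=example,dc=com"
JSMITH = "uid=jsmith,ou=people,dc=example,dc=com"
BJENSEN = "uid=bjensen,ou=people,dc=example,dc=com"

# Static groups: group DN -> values of its member attribute.
GROUPS = {
    ADMINS: [OPS],            # nested: ops is a member of admins
    OPS: [JSMITH, ADMINS],    # ADMINS here makes the nesting circular
    STAFF: [JSMITH, BJENSEN],
}
# memberOf values as read from the user entries.
STORED = {
    JSMITH: [OPS, STAFF],        # lacks the indirect group admins
    BJENSEN: [STAFF, ADMINS],    # admins is not backed by any group entry
}

def norm(dn):
    # Assumption: lowercasing is enough to compare these sample DNs.
    return dn.strip().lower()

def expected_memberof(groups):
    """Map each member DN to every group it is in, directly or through nesting."""
    parents = {}  # DN -> groups that list it directly
    for group, members in groups.items():
        for member in members:
            parents.setdefault(norm(member), set()).add(norm(group))
    result = {}
    for dn, direct in parents.items():
        seen, stack = set(), list(direct)
        while stack:
            group = stack.pop()
            if group not in seen:  # visit each group once, so cycles terminate
                seen.add(group)
                stack.extend(parents.get(group, ()))
        result[dn] = seen - {dn}
    return result

def audit(groups, stored):
    """Return {entry DN: (missing groups, stale groups)} for mismatched entries."""
    expected = expected_memberof(groups)
    findings = {}
    for dn, values in stored.items():
        have, want = {norm(v) for v in values}, expected.get(norm(dn), set())
        if have != want:
            findings[norm(dn)] = (sorted(want - have), sorted(have - want))
    return findings
```

Pass every user entry in `stored`, with an empty list where the entry has no memberOf values, so that entries the plug-in never updated are reported as well.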
5.4.4.1 The MemberOf plug-in syntax
The MemberOf Plug-in instance defines two attributes, one for the group member attribute to poll
(memberofgroupattr) and the other for the attribute to create and manage in the member's
user entry (memberofattr).
The plug-in instance also gives the plug-in path and function to identify the MemberOf Plug-in and
contains a state setting to enable the plug-in, both of which are required for all plug-ins. The default
MemberOf Plug-in is shown in Example 6 “Default MemberOf plug-in entry” and the different
parameters are described in Table 22 (page 226).