. .

Reverse Group Membership Maintenance

Written by at August 22, 2012

The memberof overlay updates an attribute (by default memberOf) whenever changes occur to the membership attribute (by default member) of entries of the objectclass (by default groupOfNames) configured to trigger updates.

Add memberof module in cn=config

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la

Turn on memberof in the db

dn: olcOverlay=memberof,olcDatabase={1}bdb,cn=config
changetype: add
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

It does not automatically update the existing data in the database, you need to re-load the DB to take effective

Testing the function

dn: uid=test1,ou=People,dc=q-station,dc=net
changetype: add
objectclass: account
uid: test1

dn: cn=testgroup,ou=Group,dc=q-station,dc=net
changetype: add
objectclass: groupOfNames
cn: testgroup
member: uid=test1,ou=People,dc=q-station,dc=net