Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
SLAPO-MEMBEROF(5)	      File Formats Manual	     SLAPO-MEMBEROF(5)

NAME
       slapo-memberof -	Reverse	Group Membership overlay to slapd

SYNOPSIS
       /usr/local/etc/openldap/slapd.conf

DESCRIPTION
       The memberof overlay to slapd(8)	allows automatic reverse group member-
       ship maintenance.  Any time a group entry is modified, its members  are
       modified	as appropriate in order	to keep	a DN-valued "is	member of" at-
       tribute updated with the	DN of the group.

CONFIGURATION
       The config directives that are specific to the memberof overlay must be
       prefixed	 by  memberof-,	 to  avoid potential conflicts with directives
       specific	to the underlying database or to other stacked overlays.

       overlay memberof
	      This directive adds the memberof overlay to  the	current	 data-
	      base; see	slapd.conf(5) for details.

       The following slapd.conf	configuration options are defined for the mem-
       berof overlay.

       memberof-group-oc _group-oc_
	      The value	_group-oc_ is the name of the objectClass  that	 trig-
	      gers  the	 reverse  group	 membership  update.   It  defaults to
	      groupOfNames.

       memberof-member-ad _member-ad_
	      The value	_member-ad_ is the name	of the attribute that contains
	      the  names  of  the members in the group objects;	it must	be DN-
	      valued.  It defaults to member.

       memberof-memberof-ad _memberof-ad_
	      The value	_memberof-ad_ is the name of the attribute  that  con-
	      tains  the names of the groups an	entry is member	of; it must be
	      DN-valued.  Its contents are automatically updated by the	 over-
	      lay.  It defaults	to memberOf.

       memberof-dn _dn_
	      The value	_dn_ contains the DN that is used as modifiersName for
	      internal modifications performed to  update  the	reverse	 group
	      membership.   It	defaults to the	rootdn of the underlying data-
	      base.

       memberof-dangling {ignore, drop,	error}
	      This option determines the behavior of the overlay when,	during
	      a	 modification, it encounters dangling references.  The default
	      is ignore, which may leave dangling references.	Other  options
	      are  drop,  which	discards those modifications that would	result
	      in dangling references, and error,  which	 causes	 modifications
	      that would result	in dangling references to fail.

       memberof-dangling-error _error-code_
	      If memberof-dangling is set to error, this configuration parame-
	      ter can be used to modify	the response code returned in case  of
	      violation.  It defaults to "constraint violation", but other im-
	      plementations are	known to return	"no such object" instead.

       memberof-refint {true|FALSE}
	      This option determines whether the overlay will try to  preserve
	      referential  integrity  or  not.	 If set	to TRUE, when an entry
	      containing values	of the "is member of" attribute	 is  modified,
	      the corresponding	groups are modified as well.

       The  memberof  overlay  may be used with	any backend that provides full
       read-write functionality, but it	is mainly intended for use with	 local
       storage	backends.  The maintenance operations it performs are internal
       to the server on	which the overlay is configured	and are	 never	repli-
       cated.  Consumer	 servers should	be configured with their own instances
       of the memberOf overlay if it is	desired	to maintain these memberOf at-
       tributes	 on the	consumers.  Note that slapo-memberOf is	not compatible
       with syncrepl based replication,	and should not be used in a replicated
       environment.  An	 alternative is	to use slapo-dynlist to	emulate	slapo-
       memberOf	behavior.

FILES
       /usr/local/etc/openldap/slapd.conf
	      default slapd configuration file

SEE ALSO
       slapd.conf(5), slapd-config(5), slapd(8).  The slapo-memberof(5)	 over-
       lay supports dynamic configuration via back-config.

ACKNOWLEDGEMENTS
       This  module  was  written  in  2005  by	Pierangelo Masarati for	SysNet
       s.n.c.

OpenLDAP 2.4.59			  2021/06/03		     SLAPO-MEMBEROF(5)

NAME | SYNOPSIS | DESCRIPTION | CONFIGURATION | FILES | SEE ALSO | ACKNOWLEDGEMENTS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=slapo-memberof&sektion=5&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help