diff options
Diffstat (limited to '')
-rw-r--r-- | doc/man/man5/slapo-memberof.5 | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/doc/man/man5/slapo-memberof.5 b/doc/man/man5/slapo-memberof.5 new file mode 100644 index 0000000..45bf1b1 --- /dev/null +++ b/doc/man/man5/slapo-memberof.5 @@ -0,0 +1,145 @@ +.TH SLAPO-MEMBEROF 5 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 1998-2022 The OpenLDAP Foundation, All Rights Reserved. +.\" Copying restrictions apply. See the COPYRIGHT file. +.\" $OpenLDAP$ +.SH NAME +slapo\-memberof \- Reverse Group Membership overlay to slapd +.SH SYNOPSIS +ETCDIR/slapd.conf +.SH DESCRIPTION +The +.B memberof +overlay to +.BR slapd (8) +allows automatic reverse group membership maintenance. +Any time a group entry is modified, its members are modified as appropriate +in order to keep a DN-valued "is member of" attribute updated with the DN +of the group. +.LP +Note that this overlay is deprecated and support will be dropped in future +OpenLDAP releases. Installations should use the \fBdynlist\fP +overlay instead. Using this overlay in a replicated environment is especially +discouraged. + +.SH CONFIGURATION +The config directives that are specific to the +.B memberof +overlay must be prefixed by +.BR memberof\- , +to avoid potential conflicts with directives specific to the underlying +database or to other stacked overlays. + +.TP +.B overlay memberof +This directive adds the memberof overlay to the current database; see +.BR slapd.conf (5) +for details. + +.LP +The following +.B slapd.conf +configuration options are defined for the memberof overlay. + +.TP +.BI memberof\-group\-oc \ <group-oc> +The value +.I <group-oc> +is the name of the objectClass that triggers the reverse group membership +update. +It defaults to \fIgroupOfNames\fP. + +.TP +.BI memberof\-member\-ad \ <member-ad> +The value +.I <member-ad> +is the name of the attribute that contains the names of the members +in the group objects; it must be DN-valued. +It defaults to \fImember\fP. + +.TP +.BI memberof\-memberof\-ad \ <memberof-ad> +The value +.I <memberof-ad> +is the name of the attribute that contains the names of the groups +an entry is member of; it must be DN-valued. Its contents are +automatically updated by the overlay. +It defaults to \fImemberOf\fP. + +.TP +.BI memberof\-dn \ <dn> +The value +.I <dn> +contains the DN that is used as \fImodifiersName\fP for internal +modifications performed to update the reverse group membership. +It defaults to the \fIrootdn\fP of the underlying database. + +.TP +.BI "memberof\-dangling {" ignore ", " drop ", " error "}" +This option determines the behavior of the overlay when, during +a modification, it encounters dangling references. +The default is +.IR ignore , +which may leave dangling references. +Other options are +.IR drop , +which discards those modifications that would result in dangling +references, and +.IR error , +which causes modifications that would result in dangling references +to fail. + +.TP +.BI memberof\-dangling\-error \ <error-code> +If +.BR memberof\-dangling +is set to +.IR error , +this configuration parameter can be used to modify the response code +returned in case of violation. It defaults to "constraint violation", +but other implementations are known to return "no such object" instead. + +.TP +.BI "memberof\-refint {" true "|" FALSE "}" +This option determines whether the overlay will try to preserve +referential integrity or not. +If set to +.IR TRUE , +when an entry containing values of the "is member of" attribute is modified, +the corresponding groups are modified as well. + +.LP +The memberof overlay may be used with any backend that provides full +read-write functionality, but it is mainly intended for use +with local storage backends. The maintenance operations it performs +are internal to the server on which the overlay is configured and +are never replicated. Consumer servers should be configured with their +own instances of the memberOf overlay if it is desired to maintain +these memberOf attributes on the consumers. Note that slapo-memberOf +is not compatible with syncrepl based replication, and should not be +used in a replicated environment. An alternative is to use slapo-dynlist +to emulate slapo-memberOf behavior. + +.SH FILES +.TP +ETCDIR/slapd.conf +default slapd configuration file +.SH BACKWARD COMPATIBILITY +The memberof overlay has been reworked with the 2.5 release to use +a consistent namespace as with other overlays. As a side-effect the +following cn=config parameters are deprecated and will be removed in +a future release: +.B olcMemberOf +is replaced with olcMemberOfConfig +.SH SEE ALSO +.BR slapo-dynlist (5), +.BR slapd.conf (5), +.BR slapd\-config (5), +.BR slapd (8). +The +.BR slapo\-memberof (5) +overlay supports dynamic configuration via +.BR back-config . +.SH ACKNOWLEDGEMENTS +.P +This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c. + |