One of those things I always had a love/hate relationship with in the Netscape/Sun directory server was dynamic lists. Loved 'em because you could create email lists and aci groups that were self maintaining based on ldap filter criteria. Hated 'em because no third party app's knew how to use them - most apps see groups as groupofmembers or groupofuniquemembers with a list of dn's in member/uniquemember. It would be nice to have a dynamic group like Netscape's groupOfUrls (i.e. an ldap url defines members), but have the members returned to clients as uniquemembers of the group. In this way, you could create dynamic groups that are much more useful. For example, if I created: cn: hr users objectclass: top objectclass: groupofuniquenames objectclass; groupofurls memberurl: ldap:///<basedn>??sub?(department=hr) ... and did a search to retrieve it, the people that match the memberurl would be returned dynamically as uniquemember values. Issues I see with this: 1. Server load - if I have a lot of these groups and do a search that returns all groupofurl entries, it could take a lot of resources to generate that dynamically. 2. Assuming this is inherited from groupofuniquenames, what happens if I add static members to uniquemember? I would say return the merged list. How do we know if a value is static or dynamic, to do things like removing a static member? We don't, but this is similar to the issues using class of service where attributes are dynamically added. (Actually, would it be possible to implement this using class of service? Hmmm...) - Jeff
