I think that you've (re)-invented 'filtered roles'. They've been supported in the server since 1999 or so. Your second point above I believe is covered by nested roles. Roles (deliberately) don't use the same schema as static groups, so the same problem you mentioned that apps don't support them applies still. They use the 'nsRole' attribute.
Yeah - but my point was that I want something that _does_ work with existing apps that know nothing about the Netscape/Sun extensions like nsRoles and memberURL - i.e. that could look up a "standard" groupofuniquenames groups and see things in the uniquemember attribute, without having to look at something else (i.e. nsRole). That has always been the problem with using these extensions. So what I am asking for _is_ different than the filtered roles, I think. :)
- Jeff

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users