tis 2006-03-07 klockan 13:56 +0100 skrev Werner.Rost@xxxxxx: > Now I have to check, whether a user is member of the group > internetaccess. The script above does not recognize, that jim is > member of the group internetaccess (because he is member of a > subgroup). > > How can I do this? Good question. LDAP isn't really designed for this even if technically allowed. But I guess one could write a program walking the hierarchy of groups looking for the user, or alternatively querying for all groups the user is member for and then query recursively for the parent groups of these until you find the group(s) you are looking for, while at the same time watching out for recursive referencess (group a member of b and group b member of a). Most likely the second approach is more efficient. Or you could rely on extensions specific to the type of LDAP server you use, as most LDAP servers have private support for nested groups (but each doing it differently). OpenLDAP however does not have any native support for nested groups. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
