Provided by: slapd_2.6.6+dfsg-1~exp1ubuntu1_amd64 bug

NAME

       slapo-memberof - Reverse Group Membership overlay to slapd

SYNOPSIS

       /etc/ldap/slapd.conf

DESCRIPTION

       The  memberof  overlay  to slapd(8) allows automatic reverse group membership maintenance.
       Any time a group entry is modified, its members are modified as appropriate  in  order  to
       keep a DN-valued "is member of" attribute updated with the DN of the group.

       Note  that  this  overlay  is  deprecated  and  support will be dropped in future OpenLDAP
       releases. Installations should use the dynlist overlay instead. Using this  overlay  in  a
       replicated environment is especially discouraged.

CONFIGURATION

       The  config  directives  that  are  specific  to  the memberof overlay must be prefixed by
       memberof-, to avoid  potential  conflicts  with  directives  specific  to  the  underlying
       database or to other stacked overlays.

       overlay memberof
              This directive adds the memberof overlay to the current database; see slapd.conf(5)
              for details.

       The following slapd.conf configuration options are defined for the memberof overlay.

       memberof-group-oc <group-oc>
              The value <group-oc> is the name of the objectClass that triggers the reverse group
              membership update.  It defaults to groupOfNames.

       memberof-member-ad <member-ad>
              The  value  <member-ad> is the name of the attribute that contains the names of the
              members in the group objects; it must be DN-valued.  It defaults to member.

       memberof-memberof-ad <memberof-ad>
              The value <memberof-ad> is the name of the attribute that contains the names of the
              groups an entry is member of; it must be DN-valued.  Its contents are automatically
              updated by the overlay.  It defaults to memberOf.

       memberof-dn <dn>
              The value <dn>  contains  the  DN  that  is  used  as  modifiersName  for  internal
              modifications performed to update the reverse group membership.  It defaults to the
              rootdn of the underlying database.

       memberof-dangling {ignore, drop, error}
              This option determines the behavior of the overlay when, during a modification,  it
              encounters  dangling  references.   The default is ignore, which may leave dangling
              references.  Other options are drop, which discards those modifications that  would
              result  in  dangling  references,  and error, which causes modifications that would
              result in dangling references to fail.

       memberof-dangling-error <error-code>
              If memberof-dangling is set to error, this configuration parameter can be  used  to
              modify the response code returned in case of violation.  It defaults to "constraint
              violation", but other implementations are known to return "no such object" instead.

       memberof-refint {true|FALSE}
              This option determines  whether  the  overlay  will  try  to  preserve  referential
              integrity  or  not.   If  set  to  TRUE, when an entry containing values of the "is
              member of" attribute is modified, the corresponding groups are modified as well.

       The memberof  overlay  may  be  used  with  any  backend  that  provides  full  read-write
       functionality,  but  it  is  mainly  intended  for  use  with  local storage backends. The
       maintenance operations it performs are internal to the server  on  which  the  overlay  is
       configured  and are never replicated. Consumer servers should be configured with their own
       instances of the memberOf overlay if it is desired to maintain these  memberOf  attributes
       on  the  consumers.   Note  that  slapo-memberOf  is  not  compatible  with syncrepl based
       replication, and should not be used in a replicated environment. An alternative is to  use
       slapo-dynlist to emulate slapo-memberOf behavior.

FILES

       /etc/ldap/slapd.conf
              default slapd configuration file

BACKWARD COMPATIBILITY

       The  memberof overlay has been reworked with the 2.5 release to use a consistent namespace
       as with other overlays. As a side-effect the following cn=config parameters are deprecated
       and will be removed in a future release: olcMemberOf is replaced with olcMemberOfConfig

SEE ALSO

       slapo-dynlist(5), slapd.conf(5), slapd-config(5), slapd(8).  The slapo-memberof(5) overlay
       supports dynamic configuration via back-config.

ACKNOWLEDGEMENTS

       This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c.