openldap/contrib/slapd-modules/autogroup/README

autogroup overlay Readme

DESCRIPTION
    The autogroup overlay allows automated updates of group memberships which
    meet the requirements of any filter contained in the group definition.
	The filters are built from LDAP URI-valued attributes. Any time an object
	is added/deleted/updated, it is tested for compliance with the filters,
    and its membership is accordingly updated. For searches and compares
    it behaves like a static group.

BUILDING
    A Makefile is included.

CONFIGURATION
    # dyngroup.schema:
        The dyngroup schema must be modified, adding the 'member' attribute
        to the MAY clause of the groupOfURLs object class, i.e.:

        objectClass ( NetscapeLDAPobjectClass:33
        NAME 'groupOfURLs'
        SUP top STRUCTURAL
        MUST cn
        MAY ( memberURL $ businessCategory $ description $ o $ ou $
                owner $ seeAlso $ member) )


    # slapd.conf:

    moduleload /path/to/autogroup.so
        Loads the overlay (OpenLDAP must be built with --enable-modules).

    overlay autogroup
        This directive adds the autogroup overlay to the current database.

    autogroup-attrset <group-oc> <URL-ad> <member-ad>
        This configuration option is defined for the autogroup overlay.
        It may have multiple occurrences, and it must appear after the
        overlay directive.

        The value <group-oc> is the name of the objectClass that represents 
        the group.

        The value <URL-ad> is the name of the attributeDescription that 
        contains the URI that is converted to the filters. If no URI is 
        present, there will be no members in that group. It must be a subtype
        of labeledURI.

        The value <member-ad> is the name of the attributeDescription that
        specifies the member attribute. User modification of this attribute 
        is disabled for consistency.


EXAMPLE
    ### slapd.conf
    include /path/to/dyngroup.schema
    # ...
    moduleload /path/to/autogroup.so
    # ...

    database <database>
    # ...

    overlay autogroup
    autogroup-attrset groupOfURLs memberURL member
    ### end slapd.conf

CAVEATS
    As with static groups, update operations on groups with a large number
    of members may be slow.

ACKNOWLEDGEMENTS
    This module was originally written in 2007 by Michał Szulczyński.

---
Copyright 1998-2009 The OpenLDAP Foundation.
Portions Copyright (C) 2007 Michał Szulczyński.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.

A copy of this license is available in file LICENSE in the
top-level directory of the distribution or, alternatively, at
http://www.OpenLDAP.org/license.html.
ITS#5145 autogroups, with minor cleanup 2007-12-15 19:48:56 +08:00			`autogroup overlay Readme`

			`DESCRIPTION`
Cleanup 2008-03-04 09:11:19 +08:00			`The autogroup overlay allows automated updates of group memberships which`
			`meet the requirements of any filter contained in the group definition.`
			`The filters are built from LDAP URI-valued attributes. Any time an object`
			`is added/deleted/updated, it is tested for compliance with the filters,`
ITS#5145 autogroups, with minor cleanup 2007-12-15 19:48:56 +08:00			`and its membership is accordingly updated. For searches and compares`
			`it behaves like a static group.`

			`BUILDING`
			`A Makefile is included.`

			`CONFIGURATION`
			`# dyngroup.schema:`
			`The dyngroup schema must be modified, adding the 'member' attribute`
			`to the MAY clause of the groupOfURLs object class, i.e.:`

			`objectClass ( NetscapeLDAPobjectClass:33`
			`NAME 'groupOfURLs'`
			`SUP top STRUCTURAL`
			`MUST cn`
			`MAY ( memberURL $ businessCategory $ description $ o $ ou $`
			`owner $ seeAlso $ member) )`


			`# slapd.conf:`

			`moduleload /path/to/autogroup.so`
Cleanup 2008-03-04 09:11:19 +08:00			`Loads the overlay (OpenLDAP must be built with --enable-modules).`
ITS#5145 autogroups, with minor cleanup 2007-12-15 19:48:56 +08:00
			`overlay autogroup`
			`This directive adds the autogroup overlay to the current database.`

			`autogroup-attrset <group-oc> <URL-ad> <member-ad>`
			`This configuration option is defined for the autogroup overlay.`
			`It may have multiple occurrences, and it must appear after the`
			`overlay directive.`

			`The value <group-oc> is the name of the objectClass that represents`
			`the group.`

			`The value <URL-ad> is the name of the attributeDescription that`
			`contains the URI that is converted to the filters. If no URI is`
			`present, there will be no members in that group. It must be a subtype`
			`of labeledURI.`

			`The value <member-ad> is the name of the attributeDescription that`
			`specifies the member attribute. User modification of this attribute`
			`is disabled for consistency.`


			`EXAMPLE`
			`### slapd.conf`
			`include /path/to/dyngroup.schema`
			`# ...`
			`moduleload /path/to/autogroup.so`
			`# ...`

			`database <database>`
			`# ...`

			`overlay autogroup`
			`autogroup-attrset groupOfURLs memberURL member`
			`### end slapd.conf`

			`CAVEATS`
			`As with static groups, update operations on groups with a large number`
			`of members may be slow.`

			`ACKNOWLEDGEMENTS`
Update contrib notices to reflect that they are distributed as part of OpenLDAP Software (though they may not necessarily be supported by the OpenLDAP Project). Assistance in updating ACKNOWLEDGEMENTS welcomed. 2009-08-17 06:55:23 +08:00			`This module was originally written in 2007 by Michał Szulczyński.`

			`---`
			`Copyright 1998-2009 The OpenLDAP Foundation.`
			`Portions Copyright (C) 2007 Michał Szulczyński.`
			`All rights reserved.`

			`Redistribution and use in source and binary forms, with or without`
			`modification, are permitted only as authorized by the OpenLDAP`
			`Public License.`

			`A copy of this license is available in file LICENSE in the`
			`top-level directory of the distribution or, alternatively, at`
			`http://www.OpenLDAP.org/license.html.`