Hi Emmanuel
Thanks.. So its not possible.. I understand static groups are more efficient but I need to be able to get info on dynamic groups too..
Actually I need to develop a software piece which can connect to any given customer's LDAP server.. which might have either static or dynamic groups, and do authorizations based on the group.
So getting list of all dynamic groups in the system was important ( to help user give permissions to those groups)
-Avneet Singh
On 1/5/07, Emmanuel Lecharny <elecharny@gmail.com> wrote:
Avneet Singh a écrit :

> Hello & Happy New Year..
> Question..How can i get list of distinct values for a given attribute
> in a
> node in ApacheDS
> For e.g If I want to know list of distinct 'departmentNumber' my users
> belong to, how can I do that?

Well, such requests are not possible genuine on a Ldap server. However,
there are solutions :
store all the groups in a specific branch (dc=departmentNumber, ...)
where you will store all the distincts departments, and all the
associated attributes.
Then, each user will point to those entries using an alias.

This will have many advantages :
1) you will have a quick access to the departmentNumber elements
2) you will be able to avoid suplication of values if you add some
information to those entries
3) as soon as you modify one of these entries, all the users belonging
to those departments will be updated (not directly, but anyway)

Just have in mind that a Ldap Server is not a SQL database, so you will
need to organize your data in a efficient way.

> Querying all users and finding this programitically would be too much
> memory
> and time consuming.(and not feasible for large user base)


> My real requirement is to get list of all dynamic groups in ADS (in above
> example 'Deparments' is the dynamic groups identified by the attribute
> 'departmentNumber'. That's why I need list of unique departmentNumbers.)
> Does ApacheDS provides a way to do this??

Natively, no. You will have to organize your data in a way that fits
your requests. Remember that the Ldap Protocol offers very limited
requests : you can only filter, but not gather information ( 'unique',
'sort' and such operation are currently not included in the server.
However, we may extend the server by including extended requests or
controls to deal with such requests. Just ask for them :)

Hope it helps and that I didn't missed something...


Avneet Singh