directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Zoerner <ste...@labeo.de>
Subject Re: Nested Groups and the Atlassian Crowd Connector
Date Fri, 12 Mar 2010 07:31:09 GMT
Hi Carl!

Carl Myers wrote:
> One workaround that occured to me is: Can ApacheDS be configured to 
> automatically flatten nested groups, and always return transitive members?

I assume no. At least it is not easy, to accomplish this task. A 
directory does not know, what nested groups are. It does not know, what 
groups are. For the directory they are simply entries. Nested groups are 
detected by performing several search requests as described here:

http://middleware.internet2.edu/dir/groups/internet2-mace-dir-groups-best-practices-200210.htm#_memberOf_Algorithm

Either the Crowd code contains an error, your it has problems with your 
data (which might by an error as well). Is it possible to configure a 
depth for the searches? Strange thing, that some nested groups a 
resolved, some are not ...

Anyway. From an ApacheDS point of view, it would be possible to 
implement an interceptor which detects (and returns) all nested groups a 
user belongs to, if a specific search op is send to the server.

But this would be custom application development, not a quick workaround.

Greetings from Hamburg,
     StefanZ


Mime
View raw message