Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 56792 invoked from network); 12 Mar 2010 12:18:11 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 12 Mar 2010 12:18:11 -0000 Received: (qmail 69853 invoked by uid 500); 12 Mar 2010 12:17:34 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 69830 invoked by uid 500); 12 Mar 2010 12:17:34 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 69821 invoked by uid 99); 12 Mar 2010 12:17:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Mar 2010 12:17:34 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of akarasulu@gmail.com designates 209.85.220.221 as permitted sender) Received: from [209.85.220.221] (HELO mail-fx0-f221.google.com) (209.85.220.221) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Mar 2010 12:17:28 +0000 Received: by fxm21 with SMTP id 21so680316fxm.11 for ; Fri, 12 Mar 2010 04:17:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=NrwJpMZk4bZHCDJuwNv2Cqv1LqBpijC6XbzOTT2cIMU=; b=Y/kvAX8Puqobyen14KpUiGDTutT0PQEx72TkEHrD75bwsuznlKp12xSlmekYTDXAPr F3v8KlPpR+LDC4sU5TOTXelo6tPhZ0xDFe8DqdvY8Ofh+6mz9BF/UHhooj+sp1ppgK/K 5lMGeEBi58J/8LvujIKvG47AhmYFWYBoUEa9g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=vUD7kIVgxNd4K82PMWVjdzSTPsAnTJzcA3YRVEKvv9CsIW9vjESP4zZqaIltGVnmzC Cl7uMoNr69owXQfVSRlSbBq319rj0WFKyFeAiviW3kQNHxfq6bQG46jRKjvc9fssUKlS Jbj21EaLr43tDh6Fgym6S85mF4KSrp2Bvy4pA= MIME-Version: 1.0 Received: by 10.239.190.6 with SMTP id v6mr519877hbh.88.1268396228046; Fri, 12 Mar 2010 04:17:08 -0800 (PST) In-Reply-To: <4B99EDBD.9030603@labeo.de> References: <4B994187.8030002@palantirtech.com> <4B99EDBD.9030603@labeo.de> Date: Fri, 12 Mar 2010 14:17:07 +0200 Message-ID: Subject: Re: Nested Groups and the Atlassian Crowd Connector From: Alex Karasulu To: users@directory.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org We could write a stored procedure and initerceptor to do this I think. But it takes time and work :) On Fri, Mar 12, 2010 at 9:31 AM, Stefan Zoerner wrote: > Hi Carl! > > Carl Myers wrote: >> >> One workaround that occured to me is: Can ApacheDS be configured to >> automatically flatten nested groups, and always return transitive member= s? > > I assume no. At least it is not easy, to accomplish this task. A director= y > does not know, what nested groups are. It does not know, what groups are. > For the directory they are simply entries. Nested groups are detected by > performing several search requests as described here: > > http://middleware.internet2.edu/dir/groups/internet2-mace-dir-groups-best= -practices-200210.htm#_memberOf_Algorithm > > Either the Crowd code contains an error, your it has problems with your d= ata > (which might by an error as well). Is it possible to configure a depth fo= r > the searches? Strange thing, that some nested groups a resolved, some are > not ... > > Anyway. From an ApacheDS point of view, it would be possible to implement= an > interceptor which detects (and returns) all nested groups a user belongs = to, > if a specific search op is send to the server. > > But this would be custom application development, not a quick workaround. > > Greetings from Hamburg, > =A0 =A0StefanZ > > --=20 Alex Karasulu My Blog :: http://www.jroller.com/akarasulu/ Apache Directory Server :: http://directory.apache.org Apache MINA :: http://mina.apache.org