LDAP user/group operations

I'm using Sun DS v5.2. I have three attributes: designation, role. I am using a tool with which, when I create/modify a user entry with designation filled, a unique member is added to a group 'Members'.

Now, there are circumstances where

Scenario 1: Creating/modifying the user entry is not done via the tool, and so the unique member for this user entry is not added to the group 'Members'.

Scenario 2: When the user entry is deleted, the corresponding group entry is not deleted.

This is causing inconsistency in the users and the group.

Can you please suggest ways to resolve this problem?

Thanks, Sash.

There is 1 answer

0
Pruthvi Raj Nadimpalli On BEST ANSWER

For scenario #1, you can get the list of users with designation set (e.g. with search filter (&(objectclass=yourUserClass)(designationAttribute=*))), then retrieve the Member group and figure out who is missing.

For scenario 2, you can easily extract those user entries without designation attribute with the following search filter (&(objectclass=yourUserClass)(!(designationAttribute=*))), then you can remove them from the Member group if needed.
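
The reconciliation described in this answer, as an added example that is not part of the original answer: it compares the DNs returned by the designation search with the group's uniqueMember values and builds one LDIF modify record for the group. The sample DNs, the group DN, the simplified DN normalization and the premise that 'Members' should hold exactly the users with a designation are assumptions.

```python
import re

def norm_dn(dn):
    """Comparison key for a DN: lower-cased, no spaces around ',' or '='.
    Simplified (assumption): ignores multi-valued RDNs and hex escapes."""
    key = []
    for rdn in re.split(r"(?<!\\),", dn.strip()):
        attr, _, value = rdn.partition("=")
        key.append(f"{attr.strip().lower()}={' '.join(value.split()).lower()}")
    return ",".join(key)

def reconcile(designated, members):
    """designated: DNs returned by the (designation=*) search.
    members: current uniqueMember values of the group.
    Returns (to_add, to_delete) as sorted lists of DNs."""
    want = {norm_dn(d): d for d in designated}
    have = {norm_dn(d): d for d in members}
    to_add = sorted(want[k] for k in want.keys() - have.keys())
    # Covers deleted users and users whose designation was removed.
    to_delete = sorted(have[k] for k in have.keys() - want.keys())
    return to_add, to_delete

def to_ldif(group_dn, to_add, to_delete):
    """Build one LDIF modify record for the group (empty string if in sync)."""
    if not (to_add or to_delete):
        return ""
    lines = [f"dn: {group_dn}", "changetype: modify"]
    for op, dns in (("add", to_add), ("delete", to_delete)):
        if dns:
            lines.append(f"{op}: uniqueMember")
            lines += [f"uniqueMember: {dn}" for dn in dns]
            lines.append("-")  # every modification block ends with "-"
    return "\n".join(lines) + "\n"

# Constructed sample data (not from the original post).
GROUP_DN = "cn=Members,ou=Groups,dc=example,dc=com"
DESIGNATED = [  # result of the (designation=*) user search
    "uid=alice,ou=People,dc=example,dc=com",
    "uid=bob,ou=People,dc=example,dc=com",
    "uid=carol,ou=People,dc=example,dc=com",
]
MEMBERS = [  # uniqueMember values read from the group entry
    "UID=alice, OU=People, DC=example, DC=com",  # same entry, other spelling
    "uid=dave,ou=People,dc=example,dc=com",      # user entry no longer exists
]

if __name__ == "__main__":
    print(to_ldif(GROUP_DN, *reconcile(DESIGNATED, MEMBERS)), end="")
```

Review the generated LDIF before applying it to the directory, for example with ldapmodify.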