What are the caveats of using 'isMemberOf' virtual attribute to determine a user's group membership?

737 views Asked by At
  1. Do all LDAP servers support this virtual attribute (by default)?

  2. I read that we have to enable this virtual attribute before using it. Is this how it works for all LDAP servers? Isn't this enabled by default?

  3. Are there any other drawbacks of using this to determine a user's group membership?

1

There are 1 answers

5
user207421 On BEST ANSWER
  1. No. OpenLDAP doesn't, for a start, unless you configure it specifically, using a non-default overlay.
  2. No.
  3. A virtual attribute implies a search every time it is evaluated. You might not want to pay the price.