defining an attribute based on the LDAP group membership.

Liam Hoekenga liamr at
Wed Jan 11 21:41:20 GMT 2012

I find myself possibly needing to populate an attribute based on  
whether a user is a member of an LDAP group.

I'm afraid that I'd have to resort to this thread..

...where I retrieve all of the user's group and stuff them into a  
single multi-value attribute.  Then I could base a new attribute on  
the presence of the desired group in the everyGroup attribute (or just  
do the check where-ever I was going to check the  
isMemberOfSpecialGroup attribute).

Seems like this could be a use for a centrally held entitlement or  
maybe a role, but we don't have those yet.  It seems silly to create a  
directory attribute specifically to authorize access to this one  

Can someone suggest an easier / smarter way to do this?


More information about the users mailing list