> > >> I notice the imapd.conf man page mentions the 'memberOf' attribute.
> > >> Unless I'm mistaken, that's a bit of a controversial thing, huh?
> > ib> Why is that?
> > Oh, when googling around and digging through various forums I was
> > getting the impression that the 'memberOf' approach wasn't too well
> > supported by the OpenLDAP community, or at least at one point.
> Nah. This is just a multi-valued attrib that holds group names. OpenLDAP
> has group functionality for acl and the two are not necessarily related.
Right, just use groupOfUniqueNames/member. This really seems to be the canonical way to do things. OpenLDAP supports this for writing ACLs, etc... and 2.2.x will offer some interesting things for dynamic groups.