I am currently working on a task to pull in a contribution to add LDAP support for the purpose of loading roles to the security realms used for domain management. Before this is committed, I want to make sure we have covered the various ways that user and group information can be represented in LDAP.
The requirements are currently being captured in the following document: -
Once completed and committed, the document will be updated with the example configuration for each of the scenarios included.
I have some example LDIFs from my own installations and previous examples we have used with the LDAP based login modules, but I would also like to identify any real world examples to take into account.
Example LDIFs that would be most interesting are any showing real life situations where groups are subsequently members of additional groups where it is desirable for a user to be seen as a member of all of the groups. The second example that would be most interesting is where a user is a member of groups located at different levels or in different locations of the overall tree.
Also if you have any LDIF examples that you don't think have been sufficiently catered for in our existing login modules.
If you have something to share, please either paste your LDIF here or add it to the examples section of the requirements document. Feel free to remove anything sensitive, but do try to leave enough information for your LDIF to be readable ;-) Also, if possible, please let us know what LDAP server you are using and how customised your setup is from the default installation.
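
The nested-group case described above, as an added example that is not part of the original post: a Python sketch that resolves every group a user belongs to, directly or through groups that are members of other groups, including groups in different subtrees and a membership cycle. The LDIF, the DNs, the `groupOfNames`/`member` layout and the function names are constructed for illustration, and the parser assumes unfolded, non-base64 LDIF.

```python
from collections import defaultdict

# Constructed sample LDIF: groups in two subtrees, one group nested in
# another, and a cycle (admins <-> auditors) that must not loop forever.
SAMPLE_LDIF = """\
dn: uid=jduke,ou=users,dc=example,dc=org
objectClass: inetOrgPerson

dn: cn=operators,ou=groups,dc=example,dc=org
objectClass: groupOfNames
member: uid=jduke,ou=users,dc=example,dc=org

dn: cn=admins,ou=groups,dc=example,dc=org
objectClass: groupOfNames
member: cn=operators,ou=groups,dc=example,dc=org
member: cn=auditors,ou=roles,ou=eu,dc=example,dc=org

dn: cn=auditors,ou=roles,ou=eu,dc=example,dc=org
objectClass: groupOfNames
member: uid=jduke,ou=users,dc=example,dc=org
member: cn=admins,ou=groups,dc=example,dc=org
"""


def parse_ldif(text):
    """Return {dn: {attr: [values]}}; DNs are lower-cased for comparison."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs[name.lower()].append(value.strip())
        entries[attrs["dn"][0].lower()] = attrs
    return entries


def groups_for(dn, entries):
    """All groups dn belongs to, directly or through nested groups."""
    parents = defaultdict(set)  # member DN -> groups that list it
    for group_dn, attrs in entries.items():
        for member in attrs.get("member", []):
            parents[member.lower()].add(group_dn)
    seen, stack = set(), [dn.lower()]
    while stack:
        for group in parents[stack.pop()]:
            if group not in seen:  # the seen set also breaks cycles
                seen.add(group)
                stack.append(group)
    return seen
```
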