samba - Sep 2014 - Group memberships in LDAP

When adding / removing an existing user to / from  an existing group, is 
there anything more to it than bookkeeping the 'member' and
'memberOf'
attributes of the respective entries?

I'm currently writing a small tool to maintain POSIX attributes in AD 
and it seems that membership could be changed without falling back to 
samba-tool.

When it's done and tested I'll be glad to share it.

Regards,
  - lars.

On 11/09/14 15:48, Lars Hanke wrote:
> When adding / removing an existing user to / from  an existing group, 
> is there anything more to it than bookkeeping the 'member' and 
> 'memberOf' attributes of the respective entries?
It is even easier than that, you just have to add the 'member' attribute
to a group , containing the DN of the user, once this is added the 
'memberOf' attribute will appear in the users DN stanza.

i.e.

create an ldif:

dn: CN=<group name>,CN=Users,DC=example,DC=com
changetype: modify
add: member
member: CN=Test User,CN=Users,DC=example,DC=com
-

Then add it with ldbmodify

Rowland
>
> I'm currently writing a small tool to maintain POSIX attributes in AD 
> and it seems that membership could be changed without falling back to 
> samba-tool.
>
> When it's done and tested I'll be glad to share it.
>
> Regards,
>  - lars.