SLAPO-NESTGROUP(5) File Formats Manual SLAPO-NESTGROUP(5)
NAME
slapo-nestgroup - Nested Group overlay to slapd
SYNOPSIS
/etc/ldap/slapd.conf
DESCRIPTION
The nestgroup overlay to slapd(8) supports evaluation of nested groups
in Search operations. Support consists of four possible features: inclu-
sion of parent groups when searching with (member=) filters, inclusion
of child groups when searching with (memberOf=) filters, expansion of
child groups when returning member attributes, and expansion of parent
groups when returning memberOf attributes. Each of these features may be
enabled independently. By default, no features are enabled, so this
overlay does nothing unless explicitly enabled.
CONFIGURATION
The config directives that are specific to the nestgroup overlay must be
prefixed by nestgroup-, to avoid potential conflicts with directives
specific to the underlying database or to other stacked overlays.
overlay nestgroup
This directive adds the nestgroup overlay to the current data-
base; see slapd.conf(5) for details.
The following slapd.conf configuration options are defined for the nest-
group overlay.
nestgroup-member <member-ad>
The value <member-ad> is the name of the attribute that contains
the names of the members in the group objects; it must be DN-val-
ued. It defaults to member.
nestgroup-memberof <memberof-ad>
The value <memberof-ad> is the name of the attribute that con-
tains the names of the groups an entry is member of; it must be
DN-valued. It defaults to memberOf.
nestgroup-base <dn>
The value <dn> specifies a subtree that contains group entries in
the DIT. This may be specified multiple times for multiple dis-
tinct subtrees. It has no default and the overlay does no pro-
cessing unless it is explicitly configured.
nestgroup-flags {member-filter, memberof-filter, member-values, mem-
berof-values}
This option specifies which features to enable in the overlay.
By default, nothing is enabled and the overlay is a no-op.
The nestgroup overlay may be used with any backend that provides stan-
dard search functionality.
FILES
/etc/ldap/slapd.conf
default slapd configuration file
SEE ALSO
slapo-dynlist(5), slapo-memberof(5), slapd.conf(5), slapd-config(5),
slapd(8). The slapo-nestgroup(5) overlay supports dynamic configuration
via back-config.
ACKNOWLEDGEMENTS
This module was written in 2024 by Howard Chu of Symas Corporation.
OpenLDAP 2.6.10+dfsg-1 2025/05/22 SLAPO-NESTGROUP(5)
Generated by dwww version 1.16 on Sat Dec 13 09:25:48 CET 2025.