JBoss.org Community Documentation
Memberships are used to assign a role within a group. They are entries that are placed under the group entry of their scope group. Users in this role are defined as attributes of the membership entry.
For example, to designate tom as the manager of the group human-resources:
ou=human-resources,ou=groups,ou=portal,dc=exoplatform,dc=org
...
cn=manager,ou=human-resources,ou=groups,ou=portal,dc=exoplatform,dc=org
member: uid=tom,ou=users,ou=portal,dc=exoplatform,dc=org
...
The parameters to configure memberships are:
<field name="membershipLDAPClasses">
<string>top,groupOfNames</string>
</field>
<field name="membershipTypeMemberValue">
<string>member</string>
</field>
<field name="membershipTypeRoleNameAttr">
<string>cn</string>
</field>
<field name="membershipTypeObjectClassFilter">
<string>objectClass=organizationalRole</string>
</field>
membershipLDAPClasses: a comma-separated list of the object classes used when creating memberships.
When a new membership is created, an entry is also created with the given objectClass attributes. The classes must at least define the attribute designated by membershipTypeMemberValue. Example: adding the membership validator would produce:
cn=validator,ou=human-resources,ou=groups,ou=portal,dc=exoplatform,dc=org
objectclass: top
objectClass: groupOfNames
...
membershipTypeMemberValue: the multi-valued attribute used in memberships to reference the users who have the role in the group.
Each value should be a user DN.
Example: james and root, who have the admin role within the group human-resources, would give:
cn=admin,ou=human-resources,ou=groups,ou=portal,dc=exoplatform,dc=org
member: cn=james,ou=users,ou=portal,dc=exoplatform,dc=org
member: cn=root,ou=users,ou=portal,dc=exoplatform,dc=org
...
membershipTypeRoleNameAttr: Attribute of the membership entry whose value refers to the membership type.
For example, in the following membership entry:
cn=manager,ou=human-resources,ou=groups,ou=portal,dc=exoplatform,dc=org
The cn attribute is used to designate the manager membership type. In other words, the name of the role is given by the 'cn' attribute.
membershipTypeObjectClassFilter: the filter used to distinguish membership entries under groups. More complex filters can also be used.
For example, the following is a filter used for a customer that needs to trigger a dynlist overlay on OpenLDAP.
(&amp;(objectClass=ExoMembership)(membershipURL=*))
Note the XML escaping of the '&' (and) operator: in the configuration file it is written as &amp;.
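The following Python sketch is an added example, not code from the platform or from the original page. It shows how the three membership parameters combine to answer "which user holds which role in which group", and that the escaped &amp; in the XML field reaches the LDAP layer as a plain &. The `<object>` wrapper, the filter value, the sample entries and all function names are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed config: the field names are the page's; the <object> wrapper and
# this filter value (picked to match the sample entries) are assumptions.
CONFIG_XML = """<object>
<field name="membershipTypeMemberValue"><string>member</string></field>
<field name="membershipTypeRoleNameAttr"><string>cn</string></field>
<field name="membershipTypeObjectClassFilter">
  <string>(&amp;(objectClass=groupOfNames)(member=*))</string></field>
</object>"""

HR = "ou=human-resources,ou=groups,ou=portal,dc=exoplatform,dc=org"
USERS = "ou=users,ou=portal,dc=exoplatform,dc=org"
# Constructed search results (attribute names lower-cased) for the page's entries.
ENTRIES = [
    {"dn": [HR], "objectclass": ["top", "organizationalUnit"]},
    {"dn": ["cn=manager," + HR], "objectclass": ["top", "groupOfNames"],
     "cn": ["manager"], "member": ["uid=tom," + USERS]},
    {"dn": ["cn=admin," + HR], "objectclass": ["top", "groupOfNames"],
     "cn": ["admin"], "member": ["cn=james," + USERS, "cn=root," + USERS]},
]

def load_config(xml_text):
    """Return {field name: value}; the XML parser turns &amp; back into &."""
    root = ET.fromstring(xml_text)
    return {f.get("name"): f.findtext("string").strip() for f in root.iter("field")}

def matches(entry, flt):
    """Evaluate a bare attr=value or a flat (&(a=b)(c=*)) filter, nothing more."""
    def ok(term):
        attr, _, want = term.partition("=")
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        return bool(have) and (want == "*" or want.lower() in have)
    return all(ok(t) for t in re.findall(r"\(([^()]+)\)", flt) or [flt])

def memberships(config_xml=CONFIG_XML, entries=ENTRIES):
    """List (user DN, role, scope group DN) for every membership entry."""
    cfg, rows = load_config(config_xml), []
    for e in entries:
        if matches(e, cfg["membershipTypeObjectClassFilter"]):
            role = e[cfg["membershipTypeRoleNameAttr"].lower()][0]
            group = e["dn"][0].split(",", 1)[1]  # parent entry is the scope group
            users = e.get(cfg["membershipTypeMemberValue"].lower(), [])
            rows += [(user, role, group) for user in users]
    return rows
```

The scope group is taken by splitting the DN at the first comma, which assumes no escaped commas in the role name. Writing the filter with a raw & instead of &amp; makes the XML malformed, so `load_config` raises a parse error before any filter is evaluated.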