1 person found this helpful
Adding a user to a group based on the existence of another attribute is a custom procedure, so DSEE does not provide any specific feature OOTB to handle this.
Howveer, you can consider creating a directory plugin (e.g post modify ) to implement the desired logic. More on directory plugins at Sun ONE Directory Server 5.2 Plug-In API Programming Guide: Contents
If i want to get this done via scheduled scripts, can you please suggest best approach for best performance?
The DS has approx 30k records.
30K entries is a small database, so I don't think it is required to put in place clever algorithm.
For scenario #1, you can get the list of users with designation set (e.g with search filter ((objectclass=yourUserClass)(designationAttribute=*)),
then retrieve the Member group and figure out who is missing
For scenario 2, you can easily extract those user entries without designation attribute with the following search filter ((objectclass=yourUserClass)(!(designationAttribute=*)) , then you can remove them from the Member group if needed.
My 2 cents
The 'member' group is not one.
For example if entries with attribute 'designation': CPAdmin should be members of group cn=CPAdmin
In this case, what do you suggest?