We currently use LDAP as User+Group(+VCard) provider and are very keen on using the our LDAP groups to give per MUCRoom access rights. This currently isn’t really usable since the information about group memberships is read only at startup and there is no way to update that information anymore.
I looked into the sources and debugged a bit, and it seems that in LocalMUCRoom.java applyAffiliationChange iterates over all group members and adds them to their respective user lists; This should somehow be retriggered at least when the GroupCache is cleared.
Another thing that I don’t understand yet: GroupProvider has addMember, updateMember, deleteMember, but it doesn’t have isMember which would be completely useful in this case, and which could be cached in a separate LDAP query cache.
So does anybody have a patch for that lying around?
If not, do you think it makes sense to go ahead like this:
extend GroupProvider interface and all the GroupProviders by adding shortcut to check for group membership
modify LocalMUCRoom (and maybe its remote counterparts?) to not look into locally stored lists, but instead to query the GroupProvider directly instead. The GroupProvider would then have to take care of caching.