I've got a hierarchical eDir tree that's being synced to another eDir

The vault is essentially flat (all the users are in one container).

The vault then syncs to AD.

We do not sync group objects.

We would like to add groups to be synced, but ONLY if the groups are in
a specific eDir container.

We may eventually expand this to have other groups, but for now, we just
wanted to sync specific groups.

I imagine the first/best thing to do (in the test lab) would be to add
another container in the vault for "groups" (like we have ou=users type
of thing).

In eDir I know that the group relationship is two-way (not sure if that's
the right word or not).

Meaning, the group object has an attribute for the members of the
group. That links to the user object so that the user object has a list
of groups that the user is a member of.

I am assuming I need to not only add the group object to be synced
(object class that is) but also the two attributes (the one on the group
object and the one on the user object)?

