Memberurl - Netscape DIRECTORY SERVER 6.0 - SCHEMA Reference

memberCertificateDescription matches any certificate that contains a subject DN
with the same AVAs as the description. The description may contain multiple
"ou=" AVAs. A matching DN must contain those same "ou=" AVAs, in the same
order, although it may contain other AVAs (including other "ou=" AVAs)
interspersed. For any other attribute type (not ou), there should be at most one
AVA of that type in the description. If there are several, all but the last are ignored.
A matching DN must contain that same AVA, but no other AVA of the same type
nearer the root (later, syntactically).
AVAs are considered the same if they contain the same attribute description
(case-insensitive comparison) and the same attribute value (case-insensitive
comparison, leading and trailing whitespace ignored, and consecutive whitespace
characters treated as a single SP).
In order to be considered a member of a group with the following
memberCertificateDescription, a certificate would need to include ou=x, ou=A,
and o=example, but not o=company.
memberCertificateDescription: {ou=x, ou=A, o=company, o=example}
In order to match the group's requirements, a certificate's subject DNs must
contain the same ou attribute types in the same order as defined in the
memberCertificateDescription attribute.
This attribute is defined in Directory Server.
Syntax
IA5String, multi-valued.
OID
2.16.840.1.113730.3.1.199

memberURL

Definition
Identifies an URL associated with each member of a group. Any type of labeled
URL can be used.
For example:
memberURL: ldap://cn=jdoe, o=example.com
This attribute is defined in Directory Server.
Chapter 3 Attribute Reference 95