Re: More on dynamic group searches
On 05/24/10 03:34 PM, Ian Collins wrote: On 05/24/10 01:11 PM, Howard Chu wrote: What have you done to test it? As the README says, it operates when a write operation occurs that may affect the membership of a given group. Yes it does, I was was using the wrong search (searching on uniqueMember, not member). The README states the member-ad part of the olcAGattrSet is fixed, this appears to be the case as I can't get uniqueMember to work. So, going back to my original problem, is there anyway OpenLDAP can support this search with dynamic/auto groups? filter=((objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company)) attrs=gidNumber autogroup would work if the search were changed to: filter=((objectClass=posixGroup)(member=cn=Admins,ou=groups,o=staff,dc=company)) attrs=gidNumber But I am unable to modify these searches as they are from third party applications which assume group members are identified by uniqueMember rather than member. -- Ian.
More on dynamic group searches
Hello,
This is my first post here, so if I'm going over old ground, please let
me know (I have searched).
I have looked through the archives and reached the conclusion that there
isn't a convenient means of searching for groups based on a dynamic
entry. For example, if I have a dynlist entry containing
olcDlAttrSet: {0}groupOfURLs memberURL uniqueMember
uniqueMember is dynamically added to search results, but can't be part
of the search.
Is this conclusion correct?
I am migrating a client over from Sun's directory manager (which does
allow searching on dynamic attributes) to OpenLDAP, so I have to support
all the client applications that currently authenticate against and use
LDAP. For example:
filter=((objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company))
attrs=gidNumber
--
Ian.
Re: More on dynamic group searches
Ian Collins wrote:
Hello,
This is my first post here, so if I'm going over old ground, please let
me know (I have searched).
I have looked through the archives and reached the conclusion that there
isn't a convenient means of searching for groups based on a dynamic
entry. For example, if I have a dynlist entry containing
olcDlAttrSet: {0}groupOfURLs memberURL uniqueMember
uniqueMember is dynamically added to search results, but can't be part
of the search.
Is this conclusion correct?
Yes.
I am migrating a client over from Sun's directory manager (which does
allow searching on dynamic attributes) to OpenLDAP, so I have to support
all the client applications that currently authenticate against and use
LDAP. For example:
filter=((objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company))
attrs=gidNumber
Don't use dynamic groups then. Use autogroups.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Re: More on dynamic group searches
On 05/23/10 09:21 PM, Howard Chu wrote: Ian Collins wrote: I am migrating a client over from Sun's directory manager (which does allow searching on dynamic attributes) to OpenLDAP, so I have to support all the client applications that currently authenticate against and use LDAP. For example: filter=((objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company)) attrs=gidNumber Don't use dynamic groups then. Use autogroups. Thanks, I hadn't looked at the contrib modules. -- Ian.
