Re: More on dynamic group searches
On 05/24/10 03:34 PM, Ian Collins wrote: On 05/24/10 01:11 PM, Howard Chu wrote: What have you done to test it? As the README says, it operates when a write operation occurs that may affect the membership of a given group. Yes it does, I was was using the wrong search (searching on uniqueMember, not member). The README states the member-ad part of the olcAGattrSet is fixed, this appears to be the case as I can't get uniqueMember to work. So, going back to my original problem, is there anyway OpenLDAP can support this search with dynamic/auto groups? filter=((objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company)) attrs=gidNumber autogroup would work if the search were changed to: filter=((objectClass=posixGroup)(member=cn=Admins,ou=groups,o=staff,dc=company)) attrs=gidNumber But I am unable to modify these searches as they are from third party applications which assume group members are identified by uniqueMember rather than member. -- Ian.
More on dynamic group searches
Hello, This is my first post here, so if I'm going over old ground, please let me know (I have searched). I have looked through the archives and reached the conclusion that there isn't a convenient means of searching for groups based on a dynamic entry. For example, if I have a dynlist entry containing olcDlAttrSet: {0}groupOfURLs memberURL uniqueMember uniqueMember is dynamically added to search results, but can't be part of the search. Is this conclusion correct? I am migrating a client over from Sun's directory manager (which does allow searching on dynamic attributes) to OpenLDAP, so I have to support all the client applications that currently authenticate against and use LDAP. For example: filter=((objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company)) attrs=gidNumber -- Ian.
Re: More on dynamic group searches
Ian Collins wrote: Hello, This is my first post here, so if I'm going over old ground, please let me know (I have searched). I have looked through the archives and reached the conclusion that there isn't a convenient means of searching for groups based on a dynamic entry. For example, if I have a dynlist entry containing olcDlAttrSet: {0}groupOfURLs memberURL uniqueMember uniqueMember is dynamically added to search results, but can't be part of the search. Is this conclusion correct? Yes. I am migrating a client over from Sun's directory manager (which does allow searching on dynamic attributes) to OpenLDAP, so I have to support all the client applications that currently authenticate against and use LDAP. For example: filter=((objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company)) attrs=gidNumber Don't use dynamic groups then. Use autogroups. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Re: More on dynamic group searches
On 05/23/10 09:21 PM, Howard Chu wrote: Ian Collins wrote: I am migrating a client over from Sun's directory manager (which does allow searching on dynamic attributes) to OpenLDAP, so I have to support all the client applications that currently authenticate against and use LDAP. For example: filter=((objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company)) attrs=gidNumber Don't use dynamic groups then. Use autogroups. Thanks, I hadn't looked at the contrib modules. -- Ian.