Andreas Ladanyi wrote: > Am 24.11.22 um 02:14 schrieb Howard Chu: >> andreas.lada...@kit.edu wrote: >>> Using slapd 2.5 with dynlist to generate memberof. >>> >>> We use sssd ldap provider with ldap_user_search_filter parameter and >>> memberof filter and only the user which are memberof=XY are in the sssd >>> cache. So it >>> works as expected, since slapd 2.5 >>> >>> We use ldapsearch with memberof filter and it works as expected, since >>> slapd 2.5 >>> >>> Iam trying out some webapps, configure the ldap filter and iam wondering >>> because the filter with the memberof attribute will be transmitted to slapd >>> but >>> there is no search result in the slapd.log. If i copy the webapp ldap >>> filter from the slapd log and try it out with ldapsearch on the webapp >>> server i get >>> search results. >>> >>> Could somebody clearify me ? >>> >> Read the slapo-dynlist(5) manpage, especially the note about the manageDSAit >> control. Then check the slapd packet trace and see what >> controls the webapp is sending with the search request. > > About the controls: > > Wireshark told me the managedsait control is not sent by the webapp ldap > client and not by the ldapsearch (without -M). I never used -M. > > The webapp sends the control "pageresultcontrol" , size 500 to slapd. The > slapd response back to the client "pageresultcontrol" size 0.
The slapo-dynlist(5) manpage already documents that pagedresults doesn't work with dynlist. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
