[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Using dyngroup
--On Monday, February 21, 2005 1:30 PM +0100 Josà Accino <accino@uma.es>
wrote:
El Fri, 18 Feb 2005 09:44:06 -0800 Quanah Gibson-Mount
<quanah@stanford.edu> escribiÃ:
As I recall, the dynamic group overlay only lets you compare whether
or not someone is a member of a group, and does not create lists of
members for searches.
--Quanah
Thanks. In that case, are there somewhere any samples about setting up
slapd.conf and making those comparisons? I've been looking at the
archives of the lists but I'm unable to find any hints...
The first thing you have to do is add the dynamic group overlay using the:
overlay dyngroup
directive.
Then read slapd.access(5) man page.
" For static groups, the specified attributeType must have
DistinguishedName or NameAndOptionalUID syntax. For dynamic
groups the attributeType must be a subtype of the labeledURI
attributeType. Only LDAP URIs of the form
ldap:///<base>??<scope>?<filter> will be evaluated in a
dynamic group, by searching the local server only."
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin