[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
slapo-dynlist search member=value search?
Hi!
From reading the FAQ entry on dynlist
(http://www.openldap.org/faq/data/cache/1209.html) it would seem that
dynlist with member DN expansion lets me operate in two directions:
1. have an attribute dynamically expanded (e.g. for mapping a group
to its members), e.g. '(cn=somedynamicgroup)' -> { member:
uid=someuser,ou=People,o=SomeOrg, member:
uid=otheruser,ou=People,o=SomeOrg }
2. search for dynamic objects whose dynamic attribute expands to
given DN (e.g. for location all groups a given user is a member
of), e.g. '(member=uid=someuser,ou=People,o=SomeOrg)' -> { dn:
cn=somedynamicgroup,ou=Groups,o=MyOrg, dn:
cn=somestaticgroup,ou=Groups,o=MyOrg}
To be specific, this fragment in the FAQ describes it:
--- SNIP ---
dynlist-attrset groupOfURLs memberURL member
it behaves much like the dyngroup overlay; the <attrs> portion of the
URI must be absent, and the DN of the entries resulting from the search
is added as value of the member attribute defined above.
*For compare operations on the member attribute, all the values of the
memberURL attribute of groupOfURLs objects are compared until a match is
found; this exploits slapd group caching capabilities.
*--- SNIP ---
Also, the slapo-dynlist manual states:
--- SNIP ---
Compares that assert the value of the <member-ad> attribute of entries
with <group-oc> objectClass apply as if the DN of the entries resulting
from the expansion of the URI were present in the <group-oc> entry as
values of the <member-ad> attribute.
--- SNIP ---
I have the following configuration:
--- fragment of BDB instance config ---
index member eq,pres
overlay dynlist
dynlist-attrset groupOfURLs memberURL member
--- end fragment of BDB instance config ---
The member expansion works:
ldapsearch -b 'o=MyOrg' -x -D 'cn=Manager,o=MyOrg' -H 'ldap://localhost'
-y ~/ldappass 'cn=somedynamicgroup'
....
member: uid=someuser,ou=People,o=SomeOrg
member: uid=otheruser,ou=People,o=SomeOrg
...
But searching for groups a user is a member of doesn't work for dynamic
groups:
ldapsearch -b 'o=MyOrg' -x -D 'cn=Manager,o=MyOrg' -H 'ldap://localhost'
-y ~/ldappass 'member=uid=someuser,ou=People,o=SomeOrg'
dn: cn=somestaticgroup,ou=Groups,o=SomeOrg
....
As a result no dynamic groups are found, only static ones.
Am I missing something in the configuration?*
*
--
Best Regards,
Aleksander Adamowski
GG#: 274614
ICQ UIN: 19780575
http://olo.org.pl
--
Aleksander Adamowski
Administrator systemów korporacyjnych; Instruktor
Altkom Akademia S.A. http://www.altkom.pl
Warszawa, ul. Chłodna 51
kom. 0-601-318-080
Sąd Rejonowy dla m.st. Warszawy w Warszawie, XII Wydział Gospodarczy Krajowego Rejestru Sądowego,
KRS: 0000120139, NIP 118-00-08-391, Kapitał zakładowy: 1000 000 PLN. Adres rejestrowy Firmy - ul. Stawki 2, 00-193 Warszawa.
Niniejsza wiadomość zawiera informacje zastrzeżone i stanowiące tajemnicę przedsiębiorstwa firmy Altkom Akademia S.A.
Ujawnianie tych informacji osobom trzecim lub nieuprawnione wykorzystanie ich do własnych celów jest zabronione.
Jeżeli otrzymaliście Państwo niniejszą wiadomość omyłkowo, prosimy o niezwłoczne skontaktowanie się z nadawcą oraz usunięcie wszelkich kopii niniejszej wiadomości.
This message contains proprietary information and trade secrets of Altkom Akademia S.A. company.
Unauthorized use or disclosure of this information to any third party is prohibited.
If you received this message by mistake, please contact the sender immediately and delete all copies of this message.