On 05/24/10 03:34 PM, Ian Collins wrote:
So, going back to my original problem, is there anyway OpenLDAP can support this search with dynamic/auto groups?On 05/24/10 01:11 PM, Howard Chu wrote:What have you done to test it? As the README says, it operates when a write operation occurs that may affect the membership of a given group.Yes it does, I was was using the wrong search (searching on uniqueMember, not member).The README states the <member-ad> part of the olcAGattrSet is fixed, this appears to be the case as I can't get uniqueMember to work.
filter="(&(objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company))" attrs="gidNumber"
autogroup would work if the search were changed to:filter="(&(objectClass=posixGroup)(member=cn=Admins,ou=groups,o=staff,dc=company))" attrs="gidNumber"
But I am unable to modify these searches as they are from third party applications which assume group members are identified by uniqueMember rather than member.
-- Ian.