There's some ambiguities that still need to be resolved, around the memberOf functionality.
The dynlist code only adds memberOf values for dynamic groups. It doesn't do anything about static group memberships. This implies that you still need to use the memberOf overlay too, if you want to also support static groups. The dynlist overlay doesn't define the memberOf attribute schema. Something else needs to do that, either loading it as user-defined schema, or relying on the memberof overlay to already be initialized. This seems like a messy loose end to leave dangling, but not sure what a better approach would be. Suggestions? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/