Clowser, Jeff (Contractor) wrote: > Looking at the manpage, it looks like if you want to populate the member > attribute with dn's, you leave the attribute in the ldap url blank. > i.e.: > > memberURL: ldap:///ou=People,dc=example,dc=com??sub?(objectClass=person) > > not > > memberURL: > ldap:///ou=People,dc=example,dc=com?entryDN?sub?(objectClass=person) > > "The value <member-ad> is optional; if present, the overlay > behaves as a dynamic group: this attribute will list the DN of > the entries resulting from the internal search. In this case, > the <attrs> portion of the URI must be absent, and the DNs of > all the entries resulting from the expansion of the URI are > listed as values of this attribute." > > Granted, I'm looking at the man page for 2.4 and you are running 2.3, > but I'm assuming the behaviour hasn't changed that much between these > versions (I could be wrong).
Correct; but, as far as I can tell, when the "member-ad" arg is present, its population with the DN of entries matching the search occurs regardless of any attrs in the URI, which are ignored. So I really don't understand what's happening in Guy's case. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: [EMAIL PROTECTED] ---------------------------------------
