DRVTiny wrote:
OpenLDAP 2.4.39, amd64, Debian 7

When I use a group with only static members in a "by group/groupOfNames/member" clause, everything works perfectly. But when I try to use dynamic members in a 1:1 identical group in the ACL definition, it doesn't work at all, and in the slapd debug output I see:

---
530b1a22 dnMatch -40 "dc=ru" "uid=konovalov-aa,ou=people,dc=svc,dc=ot,dc=ru"
---

where "dc=ru" is one static member of this group (all the others are dynamic members, and they are not compared to "uid=konovalov-aa,ou=people,dc=svc,dc=ot,dc=ru" at all).

It is very strange behavior, because the official documentation says:

---
Dynamic Groups are also supported in Access Control. Please see slapo-dynlist(5) and the Dynamic Lists overlay section.
---

Any comments? Can I use dynlist'ed groups in OpenLDAP ACLs?

Yes, you can. But you cannot use group/groupOfNames for a dynamic group. This is already documented in the manpage.

--
Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
