Ah!! I got it to work! So what i did:
Ok, so i rebuilt but without the msuser.ldif schema. (my reasoning was because the memberof attribute was there ....but thought it was interesting that the overlay for dynlist included memberof...) https://www.openldap.org/software/man.cgi?query=slapo-dynlist&apropos=0&sektion=0&manpath=OpenLDAP+2.5-Release&arch=default&format=html Added the dyngroup.ldif schema instead. Added the dynlist module dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulePath: /opt/symas/lib/openldap/ olcModuleLoad: dynlist.la Added the dynlist overlay: dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcDynListConfig olcOverlay: dynlist olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames Now i can do a simple ldapsearch: ldapsearch -xLLL uid=davetest memberof dn: uid=davetest,ou=People,dc=domain,dc=net memberOf: cn=config,ou=group,dc=domain,dc=net memberOf: cn=netbox,ou=group,dc=domain,dc=net Hope this makes sense and i did it right :D @Saša-Stjepan Bakša <[email protected]> FYI Now to try with MMR Thanks, Dave On Mon, Aug 30, 2021 at 4:14 AM Saša-Stjepan Bakša <[email protected]> wrote: > > > On Sun, 29 Aug 2021 at 16:50, Dave Macias <[email protected]> wrote: > >> Thank you for the input! >> >> Ive been researching it a bit. As far as I understand, dynlist “allows >> for expansion of dynamic groups and more” (from the man). Also, I'm >> assuming that dynlist also works well with MMR syncrepl, yes? (Since >> memberof didnt) >> >> I only have static groups. >> Googling around showed that you can also use it against static groups…if >> I understood it correctly. >> >> Would this overlay config help me for expanding against static groups >> using rfc2307bis schema? >> >> dn: olcOverlay=dynlist,olcDatabase=mdb,cn=config >> objectClass: olcOverlayConfig >> objectClass: olcDynListConfig >> olcOverlay: dynlist >> olcDynListAttrSet: member >> >> Thank you! >> >> > Hi David, > > I have similar situation and also a replicated environment. I am using > posixGroup only and never had any need for a memberOf attribute. > But now, my devs have a software which insists on that attribute so I > should provide it for them. > I have just started with testing it but don't have any result at this > time, so if you solve it before me please post here what you did. > Or you can email me directly if you prefer that. > > Br, > > Saša > >
