--On Tuesday, March 29, 2022 12:35 PM +0200 Jean-Luc Bourguignon
<[email protected]> wrote:
> Hello Quanah,
>
> Here is my configuration on both environments:
>
> olcLimits: {1}group/groupOfNames/member="cn=Sailpoint Access,ou=Applications Groups,ou=Groups,ou=staff,o=mobistar.be" size.soft=unlimited size.hard=unlimited time.soft=unlimited time.hard=unlimited

Minor note, you can just put: size=unlimited time=unlimited. As documented
in the man page, this covers both soft and hard.

> and the content of the group
>
> # Sailpoint Access, Applications Groups, Groups, staff, mobistar.be
> dn: cn=Sailpoint Access,ou=Applications Groups,ou=Groups,ou=staff,o=mobistar.be
> cn: Sailpoint Access
> objectClass: top
> objectClass: groupOfUniqueNames
> uniqueMember: uid=diams,ou=Test,ou=System,o=mobistar.be
> uniqueMember: uid=diamst,ou=Test,ou=System,o=mobistar.be

Your OLC Limits says that the objectClass your group is using is
"groupOfNames" and the membership attribute is "member",
but your *actual* object is using "groupOfUniqueNames" and "uniqueMember".
These clearly are not compatible statements.

Generally I would suggest using groupOfMembers/member from rfc2307bis if
you need to support empty groups. Either way, the group objectClass and
membership attributes need to agree with what is actually being used.

Regards,
Quanah