Hello Quanah,

Thanks for pointing out the config issue I had. I've modified my olcLimits according to your advice, and now everything goes well on both my environments.

Brgds,
Jean-Luc.

> On 29 Mar 2022, at 18:23, Quanah Gibson-Mount <[email protected]> wrote:
>
> --On Tuesday, March 29, 2022 12:35 PM +0200 Jean-Luc Bourguignon <[email protected]> wrote:
>
>> Hello Quanah,
>>
>> Here is my configuration on both environments:
>>
>> olcLimits: {1}group/groupOfNames/member="cn=Sailpoint
>> Access,ou=Applications G
>> roups,ou=Groups,ou=staff,o=mobistar.be" size.soft=unlimited
>> size.hard=unlimi
>> ted time.soft=unlimited time.hard=unlimited
>
> Minor note, you can just put: size=unlimited time=unlimited as documented in
> the man page this covers both soft and hard.
>
>> and the content of the group
>>
>> # Sailpoint Access, Applications Groups, Groups, staff, mobistar.be
>> dn: cn=Sailpoint Access,ou=Applications
>> Groups,ou=Groups,ou=staff,o=mobistar.be
>> cn: Sailpoint Access
>> objectClass: top
>> objectClass: groupOfUniqueNames
>> uniqueMember: uid=diams,ou=Test,ou=System,o=mobistar.be
>> uniqueMember: uid=diamst,ou=Test,ou=System,o=mobistar.be
>
> Your OLC Limits says that the objectClass your group is using is
> "groupOfNames" and the membership attribute is "member".
>
> but your *actual* object is using "groupOfUniqueNames" and "uniqueMember".
> These clearly are not compatible statements.
>
> Generally I would suggest using groupOfMembers/member from rfc2307bis if
> you need to support empty groups. Either way, the group objectClass and
> membership attributes need to agree with what is actually being used.
>
> Regards,
> Quanah
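
The mismatch discussed in this thread can be checked mechanically before a limits change is rolled out. The following is an added example, not code from the thread or from OpenLDAP: the function names are hypothetical, the sample values are constructed from what was quoted above, and it assumes slapd's default of groupOfNames/member when the selector omits them.

```python
import re

# Constructed sample input, modelled on the values quoted in the thread.
GROUP_DN = "cn=Sailpoint Access,ou=Applications Groups,ou=Groups,ou=staff,o=mobistar.be"
LIMIT_MISMATCHED = '{1}group/groupOfNames/member="%s" size=unlimited time=unlimited' % GROUP_DN
LIMIT_MATCHING = '{1}group/groupOfUniqueNames/uniqueMember="%s" size=unlimited time=unlimited' % GROUP_DN
GROUP_LDIF = """\
dn: cn=Sailpoint Access,ou=Applications G
 roups,ou=Groups,ou=staff,o=mobistar.be
cn: Sailpoint Access
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember: uid=diams,ou=Test,ou=System,o=mobistar.be
uniqueMember: uid=diamst,ou=Test,ou=System,o=mobistar.be
"""

def parse_group_limit(value):
    """Return (objectClass, member attribute, group DN) from a group-based olcLimits value."""
    m = re.match(r'(?:\{\d+\})?group(?:/([^/=\s]+))?(?:/([^/=\s]+))?=(?:"([^"]*)"|(\S+))', value.strip())
    if not m:
        raise ValueError("not a group-based olcLimits value")
    # Assumption stated in the lead-in: omitted parts default to groupOfNames and member.
    return m.group(1) or "groupOfNames", m.group(2) or "member", m.group(3) or m.group(4)

def parse_entry(ldif):
    """Parse one LDIF entry (plain 'attr: value' lines only) into {attr_lowercase: [values]}."""
    entry = {}
    for line in ldif.replace("\n ", "").splitlines():  # unfold continuation lines first
        if line and not line.startswith("#"):
            attr, _, val = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(val.strip())
    return entry

def check_limit_against_group(limit_value, ldif):
    """List the ways the olcLimits group selector disagrees with the group entry."""
    oc, at, dn = parse_group_limit(limit_value)
    entry = parse_entry(ldif)
    norm = lambda d: re.sub(r"\s*,\s*", ",", d.strip()).lower()
    problems = []
    if norm(entry.get("dn", [""])[0]) != norm(dn):
        problems.append("selector DN does not name this entry")
    if oc.lower() not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append("entry has no objectClass %s" % oc)
    if at.lower() not in entry:
        problems.append("entry has no %s attribute" % at)
    return problems

if __name__ == "__main__":
    for label, limit in (("mismatched", LIMIT_MISMATCHED), ("matching", LIMIT_MATCHING)):
        print(label, "->", check_limit_against_group(limit, GROUP_LDIF) or "consistent")
```

A selector that does not match the group entry is silently skipped, so the bound identity falls through to whatever limits apply next; running a check like this against the output of a group search catches that before the change is deployed.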
