--On Thursday, June 30, 2022 11:51 AM +0200 Bog Dan <[email protected]> wrote:
Thanks for your reply, I try to explain.
Populating memberOf attribute to users entry working well using this:
Have you read through test044 and the various configurations? Your config
still doesn't look correct to me. For example, when testing reverse
memberOf lookups, the config in the test is:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf
If adding static groups into the mix, it's:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
When doing nested Dynamic groups, it's:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf*
When mixing both, it's:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames*
olcDynListAttrSet: labeledURIObject labeledURI uniqueMember+seeAlso@groupOfUniqueNames
So none of your configuration seems to be really using dynlist as designed.
Also, I don't believe you can do what you want in this way:
memberURL: ldap:///ou=people,dc=test,dc=com??sub?(memberOf=cn=devops,ou=groups,dc=test,dc=com)
because memberOf is a virtual attribute.
There are two ways shown in test044 to do nested groups. One is with
static group membership, i.e.:
dn: cn=testluri,ou=groups,dc=test,dc=com
cn: testluri
objectClass: groupOfNames
member: cn=devops,ou=groups,dc=test,dc=com
The other is with dynamic group membership, i.e.:
dn: cn=testluri,ou=groups,dc=test,dc=com
objectClass: groupOfURLs
cn: testluri
memberURL: ldap:///ou=groups,dc=test,dc=com??sub?(description=devops group)
Regards,
Quanah
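
Added example, not part of the original message and not OpenLDAP code: a small Python checker that splits the olcDynListAttrSet lines quoted above into their parts and reports which behaviours (reverse memberOf, static groups, nested groups) each one enables. The helper names are hypothetical, and only the value shapes that appear in the message are handled.

```python
import re

# Only the value shapes quoted in the message are handled (assumption):
#   <group-oc> <URL-ad> [<member-ad>[+<memberOf-ad>[@<static-oc>][*]]]
MEMBER_SPEC = re.compile(
    r"(?P<member_ad>[A-Za-z][\w-]*)"
    r"(?:\+(?P<memberof_ad>[A-Za-z][\w-]*)"
    r"(?:@(?P<static_oc>[A-Za-z][\w-]*))?"
    r"(?P<nested>\*)?)?"
)

def parse_attrset(line):
    """Split one olcDynListAttrSet line into named parts (hypothetical helper)."""
    name, _, value = line.partition(":")
    fields = value.split()
    if name.strip().lower() != "olcdynlistattrset" or not 2 <= len(fields) <= 3:
        raise ValueError("unsupported line: %r" % line)
    parsed = {"group_oc": fields[0], "url_ad": fields[1], "member_ad": None,
              "memberof_ad": None, "static_oc": None, "nested": False}
    if len(fields) == 3:
        m = MEMBER_SPEC.fullmatch(fields[2])
        if m is None:
            raise ValueError("bad member spec: %r" % fields[2])
        parsed.update(m.groupdict())
        parsed["nested"] = m.group("nested") is not None
    return parsed

def features(line):
    """List which of the behaviours named in the message a line turns on."""
    p = parse_attrset(line)
    enabled = []
    if p["memberof_ad"]:
        enabled.append("reverse memberOf")
    if p["static_oc"]:
        enabled.append("static groups (%s)" % p["static_oc"])
    if p["nested"]:
        enabled.append("nested groups")
    return enabled

# Lines copied from the message above.
SAMPLES = [
    "olcDynListAttrSet: groupOfURLs memberURL member+memberOf",
    "olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames",
    "olcDynListAttrSet: groupOfURLs memberURL member+memberOf*",
    "olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames*",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", features(sample))
```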