Hello, Thanks I have found the correct documentation, read it 5 times (well english is not natural for me).
So, If I have only static groups should I use only this : olcDynListAttrSet: myPerson labeledURI myMemberOf@GroupOfNames What I don’t understand is that from this sentence in the man page :: If the optional static-oc objectClass is also specified, then the memberOf attribute will also be populated with the DNs of the static groups that an entry is a member of. Does it means that the labaledURI attr in my myPerson objects has no use ? Or it should return a list of objects of objectClass GroupOfNames that will be used to build the myMemberOf value (thus allowing to restrict the groups where to search for membership ? f.g. > Le 17 oct. 2022 à 16:25, Quanah Gibson-Mount <[email protected]> a écrit : > > > > --On Monday, October 17, 2022 4:51 PM +0200 Frédéric Goudal > <[email protected]> wrote: > >> Hello, >> >> We have to install a product which use ldap and that seems to need >> memberof overlay. As I have read this overlay is deprecated is cause >> trouble with replication. So I have dug to found a replacement solution, >> and what I have found is to add something like that : >> >> In the olcDynamicList >> >> olcDlAttrSet: myPerson labeledURI myMemberOf >> >> >> And in each user <user> : >> >> labeledURI: >> ldap:///ou=groups,dc=example,dc=com??sub?(&(objectclass=posixgroup) >> (memberuid=<user>)) > > It sounds like you're using the older 2.4 based dynlist rather than OpenLDAP > 2.5 and later dynlist? > > Regards, > Quanah — Frédéric Goudal Ingénieur Système, DSI Bordeaux-INP +33 556 84 23 11
