Hi,
i changed my config a bit but it doesnt work.
i dont have a dynamic group. Yes i configured a dynamic list. We want to
add the memberOf attribute to user entries.
We have static groups with objectclass "groupofnames" which contain the
DN of users with attribute "member=uid=name,............"
The user entries contain the attribute
labeledURI=ldap:///BASE_DN?entryDN?sub?(&(objectClass=groupOfNames)(member=uid=name,..........))
So the DNs of all the static groupofname groups which a user is a member
of should be returned by the dynlist URI expansion.
The dynlist modul should map the entryDNs of the expansion to memberOf
and the memberOf attribute should be delivered with the user entry
output when ldapsearch:
dynlist-attrset labeledURIObject labeledURI memberOf:entryDN
ldapsearch -H ldap://LDAP_Server -s sub -b BASE_DN
'(|(uid=username))' memberOf
ldapsearch with no result.
Am 15.03.23 um 11:33 schrieb Ondřej Kuzník:
On Mon, Mar 13, 2023 at 10:58:12AM +0100, Andreas Ladanyi wrote:
Hi,
after upgrade from 2.5.13->2.5.14 i cant get any search result from slapd
when filtering for specific memberOf=value. If i downgrade back to slapd
2.5.13 all is working again.
It doesnt work with ldapsearch nor with sssd-ldap modul when filtering
entities with a specific memberOf=Value:
ldapsearch -o ldif-wrap=no -LLL -x -ZZ -H ldap://ldap-server -b
OUR_BASE_DN '(memberOf=.........)' memberOf uid
ldapsearch shows the entities with memberOf attribute and the memberOf value
if i search without a specific memberOf value in the filter:
ldapsearch -o ldif-wrap=no -LLL -x -ZZ -H ldap://ldap-server -b
OUR_BASE-DN memberOf
The dynlist config is:
dynlist-attrset labeledURIObject labeledURI memberOf
Hi Andreas,
I'm pretty sure you configured a dynamic list (whose behaviour has been
tightened recently) that you're using as a dynamic group. See the
slapo-dynlist manpage for an example how we recommend setting this up.
Regards,
