Full_Name: Guillaume Rousse Version: 2.4.11 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.55.250.67)
Dynlist overlay only accept a single configuration directive for the whole base, preventing to map differently the request URL depending on the context.
For including users into groups with such URL as ldap:///ou=users,dc=domain,dc=tld??sub?(gidNumber=X), you need dynlist-attrset groupOfURLs memberURL member
For including groups into other groups, with such URL as ldap:///ou=group,dc=domain,dc=tld?member?sub?(cn=Y), you need dynlist-attrset groupOfURLs memberURL
It would be practical to add a switch for this directive, allowing to restrict its application to a specific context. Pierangelo suggested something as:
dynlist-attrset <group-oc> <URL-ad> [ ldap:///base??scope?filter ] [[<mapped-ad>:]<member-ad> ...]
Which would turn previous examples into: dynlist-attrset groupOfURLs memberURL ldap:///ou=users,dc=domain,dc=tld??sub?(gidNumber=X) member dynlist-attrset groupOfURLs memberURL ldap:///ou=group,dc=domain,dc=tld??sub?(cn=Y)