I think you need to realize that dynlist (and dynamic groups in general) represent an abuse of the LDAP data model. You pointed out a misalignment between documentation and code, which was the result of a continuous evolution of both in an attempt to make dynlist as general as possible while letting it keep contradictory configurations under control. The checks currently implemented resulted too strict, so I relaxed them. Maybe they are now too relaxed (you just get a warning if you do something odd, but then the oddest thing you could do would result at most in slowing down the DSA you admin). Please check if the current code satisfies your requirements so that the change can be released ASAP. Don't expect dynlist to do all you want it to do, and exactly as you want it, because it needs to satisfy other requirements as well. If you want to design specs for dynamic groups, or dynamic lists, maybe an ITS is not the right forum.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------