Full_Name: Emmanuel Dreyfus Version: OpenLDAP-2.4.11 OS: NetBSD-4.0 URL: Submission from: (NULL) (193.54.82.42)

If slapo-dynlist is configured with attribute mapping, dynlist expantion will only work if the member attribute in included in the searched attriute set.

Here is an example:

Config: overlay dynlist dynlist-attrset ExMailAddress memberURL mailbox:revalias

Searched entry: dn: mailAddress=foo-employee@example.net,o=ex objectClass: exMailAddress mailAddress: foo-employee@example.net memberURL: ldap:///o=ex,revalias?sub?(&(objectClass=exPerson)(employer=foo))

Expantion looks up objects like this: dn: uid=jdoe,o=ex objectClass: exPerson uid: jdoe revalias: john.doe@example.net employer: foo

With the member attribute in the searched attribute set: $ ldapsearch mailAddress=foo-employee@example mailbox revalias dn: mailAddress=foo-employee@example.net,o=ex mailbox: john.doe@example.net mailbox: joe.luser@example.net mailbox: emmanuel.dreyfus@example.net

Without it: $ ldapsearch mailAddress=foo-employee@example mailbox dn: mailAddress=foo-employee@example.net,o=ex

Note that if no attribute set is provided, it works: $ ldapsearch mailAddress=foo-employee@example dn: mailAddress=foo-employee@example.net,o=ex objectClass: exMailAddress mailAddress: foo-employee@example.net mailbox: john.doe@example.net mailbox: joe.luser@example.net mailbox: emmanuel.dreyfus@example.net memberURL: ldap:///o=ex,revalias?sub?(&(objectClass=exPerson)(employer=foo))

I should provide a fix for that soon.