Hello,
Looking at the manpage, it looks like if you want to populate the member attribute with dn's, you leave the attribute in the ldap url blank. i.e.:
memberURL: ldap:///ou=People,dc=example,dc=com??sub?(objectClass=person)
not
memberURL: ldap:///ou=People,dc=example,dc=com?entryDN?sub?(objectClass=person)
Yes, I read the man page, except that I never search with a filter that request an objectClass, the empty attribute does not work also, I try it before my first post. Like Pierangelo suggestion, I start the upgrade this evening (if possible with testing packages or tomorrow if a local build are needed).
Regards
Guy
"The value <member-ad> is optional; if present, the overlay behaves as a dynamic group: this attribute will list the DN of the entries resulting from the internal search. In this case, the <attrs> portion of the URI must be absent, and the DNs of all the entries resulting from the expansion of the URI are listed as values of this attribute."
Granted, I'm looking at the man page for 2.4 and you are running 2.3, but I'm assuming the behaviour hasn't changed that much between these versions (I could be wrong).
- Jeff