Clowser, Jeff (Contractor) wrote:
> Looking at the manpage, it looks like if you want to populate the member attribute with DNs, you leave the attribute in the LDAP URL blank, i.e.:
>
> memberURL: ldap:///ou=People,dc=example,dc=com??sub?(objectClass=person)
>
> not
>
> memberURL: ldap:///ou=People,dc=example,dc=com?entryDN?sub?(objectClass=person)
>
> "The value <member-ad> is optional; if present, the overlay behaves as a dynamic group: this attribute will list the DN of the entries resulting from the internal search. In this case, the <attrs> portion of the URI must be absent, and the DNs of all the entries resulting from the expansion of the URI are listed as values of this attribute."
>
> Granted, I'm looking at the man page for 2.4 and you are running 2.3, but I'm assuming the behaviour hasn't changed that much between these versions (I could be wrong).

Correct; but, as far as I can tell, when the "member-ad" arg is present, its population with the DN of entries matching the search occurs regardless of any attrs in the URI, which are ignored. So I really don't understand what's happening in Guy's case.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
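
The following is an added example, not part of the original thread or of OpenLDAP: a small Python check that reads group entries from LDIF, splits each memberURL value into its RFC 4516 parts, and lists the URLs whose <attrs> portion is not empty, so they can be compared with the form the quoted man page text requires when <member-ad> is set. The function names and the sample LDIF are constructed for illustration.

```python
import base64
from urllib.parse import unquote

# Constructed sample: two group entries using the two URL forms from the thread;
# the second value is folded across lines, as LDIF allows.
SAMPLE_LDIF = """\
dn: cn=people-a,ou=Groups,dc=example,dc=com
memberURL: ldap:///ou=People,dc=example,dc=com??sub?(objectClass=person)

dn: cn=people-b,ou=Groups,dc=example,dc=com
memberURL: ldap:///ou=People,dc=example,dc=com?entryDN
 ?sub?(objectClass=person)
"""

def unfold(ldif):
    """Join LDIF continuation lines (those starting with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def member_urls(ldif, attr="memberURL"):
    """Yield the decoded values of `attr`, handling the base64 '::' form."""
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == attr.lower():
            if value.startswith(":"):
                yield base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                yield value.strip()

def parse_ldap_url(url):
    """Split ldap://host/dn?attrs?scope?filter, applying RFC 4516 defaults."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    host, _, tail = rest.partition("/")
    # Split on '?' before percent-decoding so an encoded %3F stays in its field.
    fields = (tail.split("?") + [""] * 4)[:4]
    dn, attrs, scope, filt = (unquote(f) for f in fields)
    return {"host": host, "dn": dn, "scope": scope or "base",
            "attrs": [a for a in attrs.split(",") if a],
            "filter": filt or "(objectClass=*)"}

def urls_with_attrs(ldif):
    """Return (url, attrs) for each memberURL whose <attrs> part is not empty."""
    parsed = ((u, parse_ldap_url(u)) for u in member_urls(ldif))
    return [(u, p["attrs"]) for u, p in parsed if p["attrs"]]
```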