Hi!
From reading the FAQ entry on dynlist (http://www.openldap.org/faq/data/cache/1209.html) it would seem that dynlist with member DN expansion lets me operate in two directions:
1. have an attribute dynamically expanded (e.g. for mapping a group to its members), e.g. '(cn=somedynamicgroup)' -> { member: uid=someuser,ou=People,o=SomeOrg, member: uid=otheruser,ou=People,o=SomeOrg }
2. search for dynamic objects whose dynamic attribute expands to a given DN (e.g. for locating all groups a given user is a member of), e.g. '(member=uid=someuser,ou=People,o=SomeOrg)' -> { dn: cn=somedynamicgroup,ou=Groups,o=MyOrg, dn: cn=somestaticgroup,ou=Groups,o=MyOrg }
To be specific, this fragment in the FAQ describes it:
--- SNIP ---
dynlist-attrset groupOfURLs memberURL member
it behaves much like the dyngroup overlay; the <attrs> portion of the URI must be absent, and the DN of the entries resulting from the search is added as value of the member attribute defined above. For compare operations on the member attribute, all the values of the memberURL attribute of groupOfURLs objects are compared until a match is found; this exploits slapd group caching capabilities.
--- SNIP ---
Also, the slapo-dynlist manual states:
--- SNIP ---
Compares that assert the value of the <member-ad> attribute of entries with <group-oc> objectClass apply as if the DN of the entries resulting from the expansion of the URI were present in the <group-oc> entry as values of the <member-ad> attribute.
--- SNIP ---
I have the following configuration:
--- fragment of BDB instance config ---
index member eq,pres
overlay dynlist
dynlist-attrset groupOfURLs memberURL member
--- end fragment of BDB instance config ---
The member expansion works:
ldapsearch -b 'o=MyOrg' -x -D 'cn=Manager,o=MyOrg' -H 'ldap://localhost' -y ~/ldappass 'cn=somedynamicgroup'
....
member: uid=someuser,ou=People,o=SomeOrg
member: uid=otheruser,ou=People,o=SomeOrg
...
But searching for groups a user is a member of doesn't work for dynamic groups:
ldapsearch -b 'o=MyOrg' -x -D 'cn=Manager,o=MyOrg' -H 'ldap://localhost' -y ~/ldappass 'member=uid=someuser,ou=People,o=SomeOrg'
dn: cn=somestaticgroup,ou=Groups,o=SomeOrg
....
As a result no dynamic groups are found, only static ones.
Am I missing something in the configuration?
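Added example (not part of the post above and not OpenLDAP code): a small Python model of what the quoted FAQ and manual text describe. A groupOfURLs entry stores only memberURL; the member values exist only when the overlay expands the URL. A compare on member is answered by expansion, but a plain search filter (member=...) is evaluated against the stored attributes, where the dynamic group has no member values, so only static groups match. The model therefore shows a reverse lookup done by expanding each group. The DIT, DNs, departmentNumber values and the memberURL are constructed for this example; only the subset of LDAP URL and RFC 4515 filter syntax needed here is implemented.

```python
"""Constructed model of slapo-dynlist member expansion (example code, not
OpenLDAP's).  Entries, DNs and the memberURL below are made up."""
from urllib.parse import unquote

# Constructed directory: three people under o=SomeOrg, one static and one
# dynamic group under o=MyOrg.  Attribute values are lists of strings.
DIT = {
    "uid=someuser,ou=People,o=SomeOrg": {
        "objectClass": ["inetOrgPerson"], "uid": ["someuser"], "departmentNumber": ["42"]},
    "uid=otheruser,ou=People,o=SomeOrg": {
        "objectClass": ["inetOrgPerson"], "uid": ["otheruser"], "departmentNumber": ["42"]},
    "uid=thirduser,ou=People,o=SomeOrg": {
        "objectClass": ["inetOrgPerson"], "uid": ["thirduser"], "departmentNumber": ["7"]},
    "cn=somestaticgroup,ou=Groups,o=MyOrg": {
        "objectClass": ["groupOfNames"], "member": ["uid=someuser,ou=People,o=SomeOrg"]},
    "cn=somedynamicgroup,ou=Groups,o=MyOrg": {
        "objectClass": ["groupOfURLs"],
        # No stored member attribute: members come only from expanding this URL.
        "memberURL": ["ldap:///ou=People,o=SomeOrg??sub?(departmentNumber=42)"]},
}

def norm(dn):
    """Crude DN normalisation: case-fold and drop spaces after commas."""
    return dn.lower().replace(", ", ",")

def attr_values(entry, attr):
    """Case-insensitive attribute lookup; missing attribute -> []."""
    return [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]

def parse_filter(s):
    """Parse the RFC 4515 subset used here: (attr=value), (attr=*), &, |, !.
    Values may not contain ')' (no escape handling)."""
    pos = 0
    def node():
        nonlocal pos
        if s[pos] != "(":
            raise ValueError("expected '(' at %d in %r" % (pos, s))
        pos += 1
        if s[pos] in "&|!":
            op = s[pos]; pos += 1
            kids = []
            while s[pos] == "(":
                kids.append(node())
            pos += 1                      # closing ')' of the compound
            return (op, kids)
        end = s.index(")", pos)
        attr, _, val = s[pos:end].partition("=")
        pos = end + 1
        return ("=", attr, val)
    f = node()
    if pos != len(s):
        raise ValueError("trailing data in filter %r" % s)
    return f

def matches(entry, f):
    """Evaluate a parsed filter against the STORED attributes of an entry."""
    if f[0] == "=":
        vals = attr_values(entry, f[1])
        return bool(vals) if f[2] == "*" else any(v.lower() == f[2].lower() for v in vals)
    if f[0] == "&":
        return all(matches(entry, k) for k in f[1])
    if f[0] == "|":
        return any(matches(entry, k) for k in f[1])
    return not matches(entry, f[1][0])    # "!"

def in_scope(dn, base, scope):
    dn, base = norm(dn), norm(base)
    if scope == "base":
        return dn == base
    if scope == "one":
        return dn.split(",", 1)[1:] == [base]
    return dn == base or dn.endswith("," + base)   # sub

def search(base, scope, flt):
    """Search over stored attributes only, i.e. what a filter on member sees."""
    f = parse_filter(flt)
    return sorted(dn for dn, e in DIT.items() if in_scope(dn, base, scope) and matches(e, f))

def parse_url(url):
    """ldap:///<base>?<attrs>?<scope>?<filter>; <attrs> must be empty for dynlist."""
    if not url.startswith("ldap:///"):
        raise ValueError("only host-less ldap:/// URLs are modelled")
    parts = [unquote(p) for p in url[len("ldap:///"):].split("?")]
    parts += [""] * (4 - len(parts))
    base, attrs, scope, flt = parts[:4]
    if attrs:
        raise ValueError("<attrs> must be absent for member expansion: %r" % url)
    return base, (scope or "base").lower(), flt or "(objectClass=*)"

def expand_members(entry):
    """dynlist-attrset groupOfURLs memberURL member: result DNs become member values."""
    members = set()
    for url in attr_values(entry, "memberURL"):
        base, scope, flt = parse_url(url)
        members.update(search(base, scope, flt))
    return sorted(members)

def compare_member(group_dn, member_dn):
    """Compare on member as the overlay answers it: expand if the entry is a groupOfURLs."""
    e = DIT[group_dn]
    vals = attr_values(e, "member")
    if "groupofurls" in (oc.lower() for oc in attr_values(e, "objectClass")):
        vals = vals + expand_members(e)
    return any(norm(v) == norm(member_dn) for v in vals)

def groups_for(member_dn, base="o=MyOrg"):
    """Reverse lookup done by comparing against every group under base."""
    f = parse_filter("(|(objectClass=groupOfNames)(objectClass=groupOfURLs))")
    return sorted(dn for dn, e in DIT.items()
                  if in_scope(dn, base, "sub") and matches(e, f) and compare_member(dn, member_dn))

if __name__ == "__main__":
    user = "uid=someuser,ou=People,o=SomeOrg"
    print("expanded members:", expand_members(DIT["cn=somedynamicgroup,ou=Groups,o=MyOrg"]))
    print("filter (member=...) over stored attrs:", search("o=MyOrg", "sub", "(member=%s)" % user))
    print("compare on dynamic group:", compare_member("cn=somedynamicgroup,ou=Groups,o=MyOrg", user))
    print("groups via expansion:", groups_for(user))
```

In this model `search(...)` with a member filter returns only the static group, exactly the behaviour reported in the post, while `compare_member` and `groups_for` succeed because they go through expansion; the per-group compare loop is what a client has to do unless the server evaluates the filter against expanded values.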