Am Mon, 30 Jul 2012 12:52:22 -0400 schrieb Patrick Hemmer openldap@stormcloud9.net:
So I just ran across an undocumented issue with slapo-dynlist. I'm not sure if this is a bug, or just missing in the documentation.
The issue is that if the entry being dynamically added to the parent entry has the objectClass slapo-dynlist is configured to use, that entry is not dynamically added to the parent. For example:
olcOverlay=dynlist,olcdatabase=hdb,cn=config objectClass: olcDynamicList objectClass: olcOverlayConfig olcDlAttrSet: groupOfURLs memberUrl
dn: cn=parent,dc=example,dc=com objectClass: groupOfNames objectClass: groupOfURLs member: uid=foo,dc=example,dc=com memberUrl: ldap:///cn=child,dc=example,dc=com
dn: cn=child,dc=example,dc=com objectClass: groupOfNames objectClass: groupOfURLs member: uid=bar,dc=example,dc=com
In the above example, I would "member: uid=bar,dc=example,dc=com" to be added to cn=parent,dc=example,dc=com, but it isn't.
Now the documentation clearly states recursion is not allowed, so if cn=child were to have a 'memberUrl', this memberUrl would not be expanded. But this is not what is being done here, cn=child has no memberUrl present. It also behaves perfectly fine if I pull the "objetClass: groupOfURLs" off cn=child.
So is this supposed to behave this way? If so can the documentation be updated to indicate this restriction? If not I'd be happy to open an ITS on the issue.
The memberURL attribute value is not complete, see rfc 4516. It should be something like memberURL:ldap:///cn=child,dc=example,dc=com?<attributetype>?<scope>?<filter>
-Dieter