Hi,
I have a problem with OpenLDAP and file permissions.
First - I set this in my slapd.conf:
overlay dynlist
dynlist-attrset labeledURIObject labeledURI
Second - I made cn=test,ou=Projects,dc=example,dc=com with:
dn: cn=test,ou=Projects,dc=example,dc=com
gidNumber: 6789
objectClass: posixGroup
objectClass: top
objectClass: labeledURIObject
labeledURI: ldap:///cn=testgroup,ou=Groups,dc=example,dc=com?memberUid?sub?(objectClass=posixGroup)
memberUid: user1 (dynamic)
memberUid: user2 (dynamic)
In cn=testgroup,ou=Groups,dc=example,dc=com I have memberUid: user1 and memberUid: user2
Third - when I run getent group test I get:
test:*:6789:user1,user2
But when I try id user1 I don't see this group :(
Next I ran chmod 770 dir and chown root.test dir and tried to access this dir.
But of course it is not possible because the user is not in this group (as "id" said).
Does somebody know the solution? I have spent a lot of hours and I can't find the problem.
slapo-dynlist(5) only allows direct membership, not reverse. Read the man page: when an entry with a specific objectClass is being returned, URL expansion may take place. So if you *search* with a dynamic member in the filter, nothing is returned. What you are trying to accomplish cannot be obtained using slapo-dynlist(5). You probably need to use slapo-autogroup (in contrib/slapd-modules/).
p.
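
Added example, not part of the original thread and not OpenLDAP code: a toy Python model of the behaviour described in the reply, using the two entries from the question, showing why a lookup by group name returns the expanded members while a lookup by member never finds cn=test. Assumptions: the gidNumber of testgroup is made up, the id lookup is modelled as an equality search on memberUid, and the filter parser handles only a single equality term.

```python
# Toy model (constructed data) of slapo-dynlist: expansion runs on returned
# entries, after the search filter was matched against stored attributes.
DIT = {
    "cn=test,ou=Projects,dc=example,dc=com": {
        "cn": ["test"], "gidNumber": ["6789"],
        "objectClass": ["posixGroup", "top", "labeledURIObject"],
        "labeledURI": ["ldap:///cn=testgroup,ou=Groups,dc=example,dc=com"
                       "?memberUid?sub?(objectClass=posixGroup)"],
    },
    "cn=testgroup,ou=Groups,dc=example,dc=com": {
        "cn": ["testgroup"], "gidNumber": ["6790"],  # gidNumber is made up
        "objectClass": ["posixGroup", "top"],
        "memberUid": ["user1", "user2"],
    },
}

def matches(entry, attr, value):
    """Equality match against the attributes actually stored in the entry."""
    return value.lower() in (v.lower() for v in entry.get(attr, []))

def expand(entry):
    """What dynlist does to an entry on its way out (labeledURIObject only)."""
    out = {k: list(v) for k, v in entry.items()}
    if not matches(entry, "objectClass", "labeledURIObject"):
        return out
    for url in entry.get("labeledURI", []):
        base, attrs, _scope, flt = url[len("ldap:///"):].split("?")
        f_attr, f_val = flt.strip("()").split("=", 1)
        for dn, src in DIT.items():          # scope "sub": base and below
            if (dn == base or dn.endswith("," + base)) and matches(src, f_attr, f_val):
                for a in attrs.split(","):
                    out.setdefault(a, []).extend(src.get(a, []))
    return out

def search(attr, value):
    """Filter first on stored data, then expand whatever is returned."""
    return [expand(e) for e in DIT.values() if matches(e, attr, value)]

def getent_group(name):
    """Lookup by name: the entry is returned, so its members get expanded."""
    return [e.get("memberUid", []) for e in search("cn", name)][0]

def id_groups(user):
    """Lookup by member: cn=test stores no memberUid, so it never matches."""
    return [e["cn"][0] for e in search("memberUid", user)]

if __name__ == "__main__":
    print(getent_group("test"))
    print(id_groups("user1"))
```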