Hi,
i changed my config a bit but it doesnt work.
i dont have a dynamic group. Yes i configured a dynamic list. We want to add the memberOf attribute to user entries.
We have static groups with objectclass "groupofnames" which contain the DN of users with attribute "member=uid=name,............"
The user entries contain the attribute labeledURI=ldap:///BASE_DN?entryDN?sub?(&(objectClass=groupOfNames)(member=uid=name,..........))
So the DNs of all the static groupofname groups which a user is a member of should be returned by the dynlist URI expansion.
The dynlist modul should map the entryDNs of the expansion to memberOf and the memberOf attribute should be delivered with the user entry output when ldapsearch:
dynlist-attrset labeledURIObject labeledURI memberOf:entryDN
ldapsearch -H ldap://LDAP_Server -s sub -b BASE_DN '(|(uid=username))' memberOf
ldapsearch with no result.
Am 15.03.23 um 11:33 schrieb Ondřej Kuzník:
On Mon, Mar 13, 2023 at 10:58:12AM +0100, Andreas Ladanyi wrote:
Hi,
after upgrade from 2.5.13->2.5.14 i cant get any search result from slapd when filtering for specific memberOf=value. If i downgrade back to slapd 2.5.13 all is working again.
It doesnt work with ldapsearch nor with sssd-ldap modul when filtering entities with a specific memberOf=Value:
ldapsearch -o ldif-wrap=no -LLL -x -ZZ -H ldap://ldap-server -b OUR_BASE_DN '(memberOf=.........)' memberOf uid
ldapsearch shows the entities with memberOf attribute and the memberOf value if i search without a specific memberOf value in the filter:
ldapsearch -o ldif-wrap=no -LLL -x -ZZ -H ldap://ldap-server -b OUR_BASE-DN memberOf
The dynlist config is:
dynlist-attrset labeledURIObject labeledURI memberOf
Hi Andreas, I'm pretty sure you configured a dynamic list (whose behaviour has been tightened recently) that you're using as a dynamic group. See the slapo-dynlist manpage for an example how we recommend setting this up.
Regards,