Hello openldap users!
slapd.conf:
overlay dynlist
dynlist-attrset groupOfUrls labeledURI member
ldif:
dn: cn=testgroup,ou=servers,dc=domain,dc=local
objectclass: groupOfNames
cn: testgroup
member: cn=test,ou=users,dc=domain,dc=local

dn: cn=maingroup,ou=servers,dc=domain,dc=local
objectclass: groupOfNames
cn: maingroup
member: cn=testgroup,ou=servers,dc=domain,dc=local

dn: cn=testgroup,ou=servers,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs
cn: testgroup
labeledURI: ldap:///ou=users,dc=domain,dc=local??one?(objectClass=inetOrgPerson)

dn: cn=maingroup,ou=serversGroups,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs
cn: maingroup
labeledURI: ldap:///ou=servers,dc=domain,dc=local?member?one?(objectClass=groupOfUrls)

With this configuration, when ldapsearching for the contents of "cn=testgroup,ou=servers,dc=domain,dc=local" I got "member: cn=testgroup,ou=servers,dc=domain,dc=local". Cool! It's working. Then I wanted to have a dynlist that contains the members of a group of dyngroups. And here I got stuck. In slapd.conf I can say that some objectClass can be a dyngroup or a dynlist, but not both together. That's right. Then I thought that I could extend dyngroup.schema and add groupOfUrls2, then add "dynlist-attrset groupOfUrls2 labeledURI" to slapd.conf, and groupOfUrls2 would behave like a dynlist while groupOfUrls would still be a dyngroup. That would be very good for me! I looked in dyngroup.schema and copied the groupOfUrls definition to groupOfUrls2.
objectClass ( NetscapeLDAPobjectClass:33
    NAME 'groupOfURLs2'
    SUP top STRUCTURAL
    MUST cn
    MAY ( memberURL $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) )
But there was an error:
/usr/local/etc/openldap/schema/dyngroup.schema: line 89 objectClass: Inconsistent duplicate objectClass: "2.16.840.1.113730.3.2.33"
/usr/local/etc/openldap/slapd.conf: line 11: <include> handler exited with 1!
slapd destroy: freeing system resources.
slapd stopped.
So... I changed 33 to 34 in the schema. The error was gone and slapd started.
I added to ldap:
dn: cn=maingroup2,ou=serversGroups,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs2
cn: maingroup
labeledURI: ldap:///ou=servers,dc=domain,dc=local?member?one?(objectClass=groupOfUrls)

and my slapd.conf now looks like this:
overlay dynlist
dynlist-attrset groupOfUrls labeledURI member
dynlist-attrset groupOfUrls2 labeledURI
So groupOfUrls must be dyngroup, and groupOfUrls2 must be dynlist.
And now when I ldapsearch for the member attr in maingroup2 I wanted to get all members of the groups that are under ou=servers,dc=domain,dc=local, but I got no members... The logic was: testgroup (and the other groupOfURLs) work as dyngroups and generate the member attr depending on the specified labeledURI. Then maingroup2 (and others) will ldapsearch in ou=servers and build its member: attr from the member attrs of the groups in ou=servers (and some filters that I will use later). But maingroup2 is not working... It does not generate a member: attr.
I think I was wrong changing 33 to 34, because I need to do something more, but I do not know what I should do. Can anyone suggest what to do?
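
Added example (not part of the original post, and not OpenLDAP code): a small Python parser that splits the two labeledURI values from the entries above into their RFC 4516 fields, so the search base, requested attributes, scope and filter of each URL can be compared side by side. The names parse_ldap_url, TESTGROUP_URI and MAINGROUP_URI are chosen for this example only.

```python
from urllib.parse import unquote

# RFC 4516: scope is "base", "one" or "sub"; an absent scope means "base".
SCOPES = {"": "base", "base": "base", "one": "one", "sub": "sub"}


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into host, base DN, attrs, scope and filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    # Layout: dn ? attributes ? scope ? filter ? extensions
    # Trailing fields are optional, so pad before unpacking.
    fields = tail.split("?") + [""] * 5
    dn, attrs, scope, flt = fields[:4]
    if scope.lower() not in SCOPES:
        raise ValueError("bad scope %r in %r" % (scope, url))
    return {
        "host": hostport,
        "base": unquote(dn),
        # Empty attribute list means the URL names no attributes.
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": SCOPES[scope.lower()],
        # RFC 4516 default filter when none is given.
        "filter": unquote(flt) or "(objectClass=*)",
    }


# labeledURI values copied from the entries in the post.
TESTGROUP_URI = "ldap:///ou=users,dc=domain,dc=local??one?(objectClass=inetOrgPerson)"
MAINGROUP_URI = "ldap:///ou=servers,dc=domain,dc=local?member?one?(objectClass=groupOfUrls)"

if __name__ == "__main__":
    for name, uri in (("testgroup", TESTGROUP_URI), ("maingroup", MAINGROUP_URI)):
        print(name, parse_ldap_url(uri))
```

The testgroup URL carries an empty attribute field, while the maingroup and maingroup2 URL names `member` explicitly.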