Hi,
Few questions regarding dynlist as a replacement of memberof overlay.
Version: 2.5.13+dfsg-2~bpo11+1 on debian bullseye
1) in relatively simple environment (2 servers, multiprovider, syncrepl and keepalived) we've been using memberof overlay - with memberOf explicitly filtered out in syncrepl configuration (exattrs=memberOf). This has been working fine so far across many versions - but considering the warning in slapo-memberof manpage is this overlay used in this fashion safe or are there other issues that eventually might show up ?
2) I've been experimenting a bit with dynlist as a replacement; judging from examples/manual it seems it was primarily created to populate a dynamic group while doing the search over users under a constraint of a filter; but it seems it's working just fine in reverse way as well, e.g. consider:
dynlist config: olcDynListAttrSet = toukPerson labeledURI dgMemberOf
group with manually added members: cn=ADM,ou=TouK,ou=Group,dc=touk,dc=pl a user: uniqueMember=cn=Michał Sołtys,ou=Touki,ou=People,dc=touk,dc=pl
and relevant attributes in user's entry: objectClass = toukPerson labeledURI = ldap:///ou=TouK,ou=Group,dc=touk,dc=pl??sub?(uniqueMember=cn=Michał Sołtys,ou=Touki,ou=People,dc=touk,dc=pl)
This seems to be doing what we are expecting - populating dynamically dgMemberOf with the groups the user has membership in. While this is working, is it ok to use this overlay in this fashion (search over groups instead of over users) ?
3) my last question is more of a curiosity - what case scenario are for additional [+<memberOf-ad>[@<static-oc>[*]]] attributes ? No matter what I tried in what way, neither +memberOf-ad nor +static-oc had any effect whatsoever.