--On Thursday, June 30, 2022 11:51 AM +0200 Bog Dan bsiara.cgi@gmail.com wrote:
> Thanks for your reply, I'll try to explain.
> Populating memberOf attribute to user entries is working well using this:

Have you read through test044 and the various configurations? Your config still doesn't look correct to me. For example, when testing reverse memberOf lookups, the config in the test is:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf
If adding static groups into the mix, it's:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
When doing nested Dynamic groups, it's:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf*
When mixing both, it's:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames*
olcDynListAttrSet: labeledURIObject labeledURI uniqueMember+seeAlso@groupOfUniqueNames
So none of your configuration seems to be really using dynlist as designed. Also, I don't believe you can do what you want in this way:
memberURL: ldap:///ou=people,dc=test,dc=com??sub?(memberOf=cn=devops,ou=groups,dc=test,dc=com)
because memberOf is a virtual attribute.
There are two ways shown in test044 to do nested groups. One is with static group membership, i.e.:
dn: cn=testluri,ou=groups,dc=test,dc=com
cn: testluri
objectClass: groupOfNames
member: cn=devops,ou=groups,dc=test,dc=com
The other is with dynamic group membership, i.e.:
dn: cn=testluri,ou=groups,dc=test,dc=com
objectClass: groupOfURLs
cn: testluri
memberURL: ldap:///ou=groups,dc=test,dc=com??sub?(description=devops group)
Regards, Quanah
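
Added example, not part of the original message and not OpenLDAP code: a small Python check for the pitfall named in the reply, where a group's URL filter searches on the attribute that dynlist itself generates (memberOf here). The function names and the entry cn=constructed-example are made up for illustration, and it assumes attrsets in the form quoted above (no optional URI field) and LDIF without folded or base64 lines.

```python
import re
from urllib.parse import unquote

# [<mapped-ad>:]<member-ad>[+<memberOf-ad>[@<static-oc>][*]], as in the attrsets quoted above
MAPPING = re.compile(r"^[\w;:-]+(?:\+(?P<memberof>[\w;-]+)"
                     r"(?:@(?P<static_oc>[\w;-]+))?(?P<nested>\*)?)?$")

def parse_attrset(value):
    """Split an olcDynListAttrSet value into group class, URL attribute and mappings."""
    parts = value.split()
    mappings = [MAPPING.match(m) for m in parts[2:]]
    if len(parts) < 2 or not all(mappings):
        raise ValueError("unrecognised attrset: %r" % value)
    return {"group_oc": parts[0], "url_ad": parts[1],
            "mappings": [m.groupdict() for m in mappings]}

def url_filter(url):
    """Return the filter field of an LDAP URL: scheme://host/dn?attrs?scope?filter."""
    fields = url.split("://", 1)[1].partition("/")[2].split("?")
    return unquote(fields[3]) if len(fields) > 3 else ""

def filter_attrs(ldap_filter):
    """Attribute names asserted on in an LDAP search filter."""
    return re.findall(r"\(\s*([A-Za-z][\w;.-]*)\s*(?:[~<>]?=|:)", ldap_filter)

def check(attrsets, ldif):
    """Return (dn, attr) for URL filters that search on a dynlist-generated attribute."""
    configs = [parse_attrset(v) for v in attrsets]
    url_ads = {c["url_ad"].lower() for c in configs}
    virtual = {m["memberof"].lower() for c in configs for m in c["mappings"] if m["memberof"]}
    findings = []
    for block in ldif.strip().split("\n\n"):
        pairs = [line.split(": ", 1) for line in block.splitlines() if ": " in line]
        dn = next((v for k, v in pairs if k.lower() == "dn"), None)
        for v in (v for k, v in pairs if k.lower() in url_ads):
            findings += [(dn, a) for a in filter_attrs(url_filter(v)) if a.lower() in virtual]
    return findings

# Attrsets as quoted in the thread; the first dn below is constructed for this example.
ATTRSETS = ["groupOfURLs memberURL member+memberOf@groupOfNames*",
            "labeledURIObject labeledURI uniqueMember+seeAlso@groupOfUniqueNames"]
SAMPLE_LDIF = """dn: cn=constructed-example,ou=groups,dc=test,dc=com
objectClass: groupOfURLs
memberURL: ldap:///ou=people,dc=test,dc=com??sub?(memberOf=cn=devops,ou=groups,dc=test,dc=com)

dn: cn=testluri,ou=groups,dc=test,dc=com
objectClass: groupOfURLs
memberURL: ldap:///ou=groups,dc=test,dc=com??sub?(description=devops group)"""
print(check(ATTRSETS, SAMPLE_LDIF))
```

Only the first entry is reported; the description-based memberURL from the thread passes because description is stored in the entry rather than generated by the overlay.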