On 18.03.2011 17:36, Tim Gustafson wrote:
> by set="this/manager & user" write
I'd use a 'dnattr' rule here instead of a set. Sets can have a severe impact on performance, since they are not cached.
> If I take out the "filter" line, it works fine, but with the "filter" line there it doesn't work, regardless of what gidNumber I provide.
Yeah, I just tested myself. The problem isn't the filter in itself, but the greater-than and less-than operators. gidNumber doesn't have an ORDERING rule, so the filter will always return false. Since gidNumber is a builtin attribute, it can't be changed that easily, but I think I recently saw an ITS that requested adding 'ORDERING integerOrderingMatch' to uidNumber and gidNumber. You'd have to wait for the next OpenLDAP version.
Regards, Christian Manal
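
The check below is an added example, not part of the original message and not OpenLDAP code: it scans ACL `filter=` clauses for `>=`/`<=` assertions on attributes whose schema definition has no ORDERING rule, the case described in the reply above. The schema text, the ACL lines, the `exampleQuota` attribute and the function names are constructed for illustration.

```python
import re

# Constructed sample schema: gidNumber without ORDERING (as described in the
# reply above) and a hypothetical attribute, exampleQuota, that has one.
SCHEMA = """
attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.1.2.1.1 NAME 'exampleQuota'
    EQUALITY integerMatch ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
"""

# Constructed sample ACLs; DNs and filter values are placeholders.
ACL = """
access to dn.subtree="ou=groups,dc=example,dc=com"
    filter=(&(gidNumber>=1000)(gidNumber<=1999))
    by set="this/manager & user" write
access to dn.subtree="ou=quota,dc=example,dc=com"
    filter=(exampleQuota>=10)
    by users read
"""

def attrs_with_ordering(schema):
    """Map lower-cased attribute name -> True if its definition has ORDERING."""
    result = {}
    # Each definition runs from 'attributetype (' up to the next one.
    for block in re.split(r"(?im)^attributetype\s*\(", schema)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", block)
        if name:
            result[name.group(1).lower()] = bool(re.search(r"\bORDERING\b", block))
    return result

def unmatched_ordering_filters(acl, schema):
    """Return (attribute, assertion) pairs for >= / <= filter items on
    attributes with no ORDERING rule (attributes missing from the schema
    text are reported as well)."""
    ordering = attrs_with_ordering(schema)
    findings = []
    for line in acl.splitlines():
        if "filter=" not in line:
            continue
        items = re.findall(r"\(([A-Za-z][\w;.-]*)([<>]=)([^()]*)\)", line)
        for attr, op, value in items:
            if not ordering.get(attr.lower(), False):
                findings.append((attr, f"{attr}{op}{value}"))
    return findings

if __name__ == "__main__":
    for attr, item in unmatched_ordering_filters(ACL, SCHEMA):
        print(f"no ORDERING rule for {attr}: ({item}) will never match")
```
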