Hello list,
I have an openldap 2.4.49 (ubuntu 20.04 LTS) server pair running with syncrepl. I also have memberof overlay activated and during a debug session found out that this is a no-go. I was debugging a problem where a user record that is in two groups only shows one memberOf attribute value whereas other users show the expected amount of memberOf values.
Now I'm looking into replacing the memberof overlay but it appears that for my use case there is no replacement at all.
dynlist seems made to create dynamic groups or lists respectively but everything in my DIT is a static group and static users. They are created by a commercial product and I am unable to add further specific URL attributes there when new entries are created.
I stumbled upon https://www.mail-archive.com/openldap-technical@openldap.org/msg26067.html via google search, but blindly copying the dynlist-attrset merely causes the slapd to reply with "/etc/ldap/slapd.conf: line 149: "dynlist-attrset <oc> [uri] <URL-ad> [[<mapped-ad>:]<member-ad> ...]": unable to find AttributeDescription #0 "member+memberOf@groupOfNames"#012. " on startup and stopping immediately. I suppose it needs some schema extension but of what I don't understand and neither will I have a trigger objectClass unless I could just use inetOrgPerson as trigger and have it work.
Is there a way to get back "synthetic" memberOf entries on static user records (which are inetOrgPerson) with static groups (which are groupOfNames) on openldap 2.4.49 without adding any special attributes into users and/or groups themselves?
Kind regards,
René
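
The symptom described above (a user listed in two groupOfNames entries but carrying only one memberOf value) can be checked across a whole directory export. The following is an added example, not part of the original post: it assumes an LDIF export such as slapcat or ldapsearch -LLL produces, the function names are hypothetical, and the sample data is constructed.

```python
import base64
from collections import defaultdict
# Constructed sample export; alice is a member of two groups but stores one memberOf.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,dc=example,dc=com

dn: cn=vpn,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=com

dn: uid=alice,ou=people,dc=example,dc=com
memberOf: cn=admins,ou=groups,dc=example,dc=com

dn: uid=bob,ou=people,dc=example,dc=com
memberOf: cn=admins,ou=groups,dc=example,dc=com
"""

def norm_dn(dn):  # simplified normalisation: lower-case, trim around RDN separators
    return ",".join(p.strip() for p in dn.lower().split(","))

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; handles folded lines and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, val = line.partition(":")
            if val.startswith(":"):  # "attr:: <base64>"
                val = base64.b64decode(val[1:].strip()).decode("utf-8")
            entry[attr.lower()].append(val.strip())
        if "dn" in entry:
            yield entry

def memberof_drift(text):
    """Return {user_dn: (missing, stale)} where stored memberOf differs from group 'member' values."""
    expected, stored = defaultdict(set), defaultdict(set)
    for e in parse_ldif(text):
        dn = norm_dn(e["dn"][0])
        if "groupofnames" in (oc.lower() for oc in e["objectclass"]):
            for m in filter(None, e["member"]):
                expected[norm_dn(m)].add(dn)
        stored[dn].update(norm_dn(g) for g in e["memberof"])
    return {u: (expected[u] - stored[u], stored[u] - expected[u])
            for u in set(expected) | set(stored) if expected[u] != stored[u]}
```

Running `memberof_drift` on an export from each server of the syncrepl pair shows which side is missing values, which matters wherever memberOf is used for authorization decisions.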