Hello,
I am using OpenLDAP 2.5.13 from Debian and want to use the dynamic list overlay for replacing the memberOf overlay, but I cannot get it to work.
As I read in several places, I first imported dyngroup.ldif, then created an ldif to load the dynlist module and the dynlist schema, like this:
dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: dynlist
dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcDynamicList olcOverlay: {1}dynlist olcDlAttrSet: groupOfURLs memberURL member
Then, I created a group with this ldif:
dn: cn=Group1,ou=groups,dc=cs,dc=tu-dortmund,dc=de objectClass: groupOfURLs cn: Group1 memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)
But though some of the users have employeeType=IT, I cannot get a user attribute memberOf or alike that says that, for example ITuser1 is a member of Group1 .
So, I tried another approach with dynlist that I read elsewhere:
dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcDynamicList olcOverlay: {1}dynlist olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
But with this, I got an error message that memberOf@groupOfNames is unknown.
So, I have some questions:
1. Does dynlist work this way only in OpenLDAP 2.6?
2. If no, do I have to import additional overlay ldifs?
3. Do I have to load additional modules other than dynlist?
4. Do I have to set other overlay attributes for the dynlist overlay?
Regards Christoph