Ian Collins wrote:
Hello,
This is my first post here, so if I'm going over old ground, please let me know (I have searched).
I have looked through the archives and reached the conclusion that there isn't a convenient means of searching for groups based on a dynamic entry. For example, if I have a dynlist entry containing
olcDlAttrSet: {0}groupOfURLs memberURL uniqueMember
uniqueMember is dynamically added to search results, but can't be part of the search.
Is this conclusion correct?
Yes.
I am migrating a client over from Sun's directory manager (which does allow searching on dynamic attributes) to OpenLDAP, so I have to support all the client applications that currently authenticate against and use LDAP. For example:
filter="(&(objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company))" attrs="gidNumber"
Don't use dynamic groups then. Use autogroups.