andreas.ladanyi@kit.edu wrote:
Using slapd 2.5 with dynlist to generate memberof.
We use sssd ldap provider with ldap_user_search_filter parameter and memberof filter and only the user which are memberof=XY are in the sssd cache. So it works as expected, since slapd 2.5
We use ldapsearch with memberof filter and it works as expected, since slapd 2.5
Iam trying out some webapps, configure the ldap filter and iam wondering because the filter with the memberof attribute will be transmitted to slapd but there is no search result in the slapd.log. If i copy the webapp ldap filter from the slapd log and try it out with ldapsearch on the webapp server i get search results.
Could somebody clearify me ?
Read the slapo-dynlist(5) manpage, especially the note about the manageDSAit control. Then check the slapd packet trace and see what controls the webapp is sending with the search request.