Michael Ströder wrote:
HI!
It's easy to change the config of OpenLDAP 2.5 from "overlay memberof" to "overlay dynlist" and it just works. Nice. :-)
But the existing database then still contains the 'memberOf' attribute values.
Ideally one should reload the database. But if anything fails:
Does it do any harm if 'memberOf' attribute values are still present in the database but slapo-dynlist is supposed to compute 'memberOf' attribute values based on recently changed group membership?
Old static values are left untouched. They will be present in search results, and so may go stale over time if not deleted. I suppose dynlist could be changed to just omit any existing static values, but that's not what it does at present.
At the end I will instruct the admins to reload databases especially to also save space. But it would be less operational stress if I could decouple the config change from the database re-load.
Ciao, Michael.