Hello,
we often have the question on this list: how apply a policy to a branch or a group of users?
I was thinking we could use autogroup we this kind of configuration:
dn: olcOverlay={9}autogroup,olcDatabase={1}mdb,cn=config objectClass: top objectClass: olcConfig objectClass: olcAutomaticGroups objectClass: olcOverlayConfig olcOverlay: {9}autogroup olcAGattrSet: pwdPolicy memberUrl seeAlso olcAGmemberOfAd: pwdPolicySubentry
The goal is to have a memberUrl inside a pwdPolicy object, that can target accounts that need to have this policy. For example:
dn: cn=default,ou=ppolicies,dc=example,dc=com changetype: modify replace: memberURL memberURL: ldap:///ou=users,dc=example,dc=com??one?(uid=user*)
The autogroup "olcAGattrSet" is working well, I can see the seeAlso values. But the "olcAGmemberOfAd" does not seem to be applied.
I don't know if this is a conflict with ppolicy overlay, or other overlays (dynlist, memberof). I join a full debug log, maybe you can find what is going wrong. We see that "autogroup_member_search_modify_cb" function is called, but user entry is not modified.
Do you think this configuration could work?
openldap-technical@openldap.org