Hello to all of you,
So, the situation is the following: I have a dynamic group (objectClass: groupOfURLs) and on my ldap filter I fetch the users UID. When I access the content of the group, there are a set of members there, one of them is testUser1, but when I search for (&(objectClass=groupOfURLs)(uid=testUser1)) the search result is empty.
However when I search for an attribute which is native to the class, such as owner, the search returns the group.
Is it possible for an ldap search to return the dynamic groups a user belongs to?
Carlos Santos wrote:
So, the situation is the following: I have a dynamic group (objectClass: groupOfURLs) and on my ldap filter I fetch the users UID. When I access the content of the group, there are a set of members there, one of them is testUser1, but when I search for (&(objectClass=groupOfURLs)(uid=testUser1)) the search result is empty.
However when I search for an attribute which is native to the class, such as owner, the search returns the group.
Is it possible for an ldap search to return the dynamic groups a user belongs to?
Not really. man slapo-dynlist says:
-------------------------------- snip -------------------------------- Since the resulting entry is dynamically constructed, it does not exist until it is constructed while being returned. As a consequence, dynamically added attributes do not participate in the filter matching phase of the search request handling. In other words, filtering for dynamically added attributes always fails. -------------------------------- snip --------------------------------
Ciao, Michael.
openldap-technical@openldap.org