On 24.11.22 at 02:14, Howard Chu wrote:
>> Using slapd 2.5 with dynlist to generate memberof.
>> We use sssd ldap provider with ldap_user_search_filter parameter and memberof filter
>> and only the users which are memberof=XY are in the sssd cache. So it works as expected,
>> since slapd 2.5
>> We use ldapsearch with memberof filter and it works as expected, since slapd 2.5
>> I am trying out some webapps, configure the ldap filter and I am wondering because the
>> filter with the memberof attribute will be transmitted to slapd but there is no search
>> result in the slapd.log. If I copy the webapp ldap filter from the slapd log and try it
>> out with ldapsearch on the webapp server I get search results.
>> Could somebody clarify this for me?
> Read the slapo-dynlist(5) manpage, especially the note about the manageDSAit control.
> Then check the slapd packet trace and see what controls the webapp is sending with the
> search request.
About the controls:
Wireshark told me the manageDSAit control is not sent by the webapp ldap
client and not by the ldapsearch (without -M). I never used -M.
The webapp sends the control "pageresultcontrol", size 500, to slapd.
The slapd response back to the client is "pageresultcontrol", size 0.
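
Added example (not part of the original thread, and not OpenLDAP or webapp code): one way to do the suggested check on bytes exported from a packet trace, listing the controls carried by a single BER-encoded LDAPMessage and decoding the pagedResults size. The function names and the sample request are constructed for illustration; the two control OIDs are the ones assigned in RFC 3296 and RFC 2696.

```python
KNOWN = {"2.16.840.1.113730.3.4.2": "manageDsaIT",    # RFC 3296
         "1.2.840.113556.1.4.319": "pagedResults"}    # RFC 2696

def read_tlv(buf, pos=0):        # -> (tag, value, next_pos); single-byte tags only
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:            # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid in LDAP")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):             # iterate the elements inside a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def list_controls(message):
    """Return [(name_or_oid, critical, page_size_or_None)] for one LDAPMessage."""
    found = []
    for tag, controls in children(read_tlv(message)[1]):
        if tag != 0xA0:          # only the optional [0] Controls; skips messageID, protocolOp
            continue
        for _, control in children(controls):
            (_, oid), *rest = children(control)
            name = KNOWN.get(oid.decode("ascii"), oid.decode("ascii"))
            critical = any(t == 0x01 and v != b"\x00" for t, v in rest)
            value = next((v for t, v in rest if t == 0x04), None)
            size = None
            if name == "pagedResults" and value:   # SEQUENCE { size INTEGER, cookie }
                size = int.from_bytes(next(children(read_tlv(value)[1]))[1], "big")
            found.append((name, critical, size))
    return found

def tlv(tag, value=b""):         # short-form encoder, only used to build the sample
    return bytes([tag, len(value)]) + value

# Constructed sample: SearchRequest (sub scope, memberOf filter) with pagedResults size 500.
PAGED = tlv(0x30, tlv(0x04, b"1.2.840.113556.1.4.319") +
            tlv(0x04, tlv(0x30, tlv(0x02, b"\x01\xf4") + tlv(0x04))))
SEARCH = tlv(0x63, tlv(0x04, b"dc=example,dc=org") + bytes.fromhex("0a01020a0100020100020100010100") +
             tlv(0xA3, tlv(0x04, b"memberOf") + tlv(0x04, b"cn=XY,dc=example,dc=org")) + tlv(0x30))
SAMPLE = tlv(0x30, tlv(0x02, b"\x02") + SEARCH + tlv(0xA0, PAGED))

if __name__ == "__main__":
    print(list_controls(SAMPLE))
```

A request that lists pagedResults but no manageDsaIT entry matches what the trace above showed for both the webapp and plain ldapsearch without -M.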