Michael Ströder wrote:
It's easy to change the config of OpenLDAP 2.5 from "overlay memberof"
to "overlay dynlist" and it just works. Nice. :-)
But the existing database then still contains the 'memberOf' attribute
Ideally one should reload the database. But if anything fails:
Does it do any harm if 'memberOf' attribute values are still present in
the database but slapo-dynlist is supposed to compute 'memberOf'
attribute values based on recently changed group membership?
Old static values are left untouched. They will be present in search results,
and so may go stale over time if not deleted. I suppose dynlist could be
changed to just omit any existing static values, but that's not what it
does at present.
At the end I will instruct the admins to reload databases especially
also save space. But it would be less operational stress if I could
decouple the config change from the database re-load.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/