Maybe I¹m just being delusional in thinking that this should work...
running OpenLDAP 2.4.23 on IBM AIX for authentication on a variety of AIX,
Linux and web applications.
As we need to use both Posixgroup and groupOfNames objects with the same
membership, the dynamic list overlay seems like an ideal approach. This
configuration appeared to work fine for our linux hosts and web
applications, but not so well for our AIX hosts:
dynlist-attrset posixGroup labeledURI memberUid:uid
However, the AIX hosts do a search for (memberUid=jbagley)¹ to determine
group membership and the ldap server does not return the above object.
guessing that I was wrong in assuming the overlay would handle this type
application and that I will have to find another way. Anyone have any
helpful tips? Advice? Condolences if I now have to manage twice as many
Dynamic groups expanded by dynlist cannot be searched by filtering on
dynamic members. You may want to look at autogroup (in
contrib/slapd-modules/autogroup/), which works according to a totally