One of the changes from 2.4 to 2.5 is that dynlist groups are now returned with (member=memberDN) searches. This is potentially appealing, but even with the ITS#9929 performance improvements, given the number of dynlist groups we have, search times are significantly impacted.
We'd like to be able to cleanly disable this feature and exclude dynlist groups from (member=memberDN) filter consideration. The only way I've found so far is to patch the dynlist code itself. What I'm currently doing is adding a continue statement right above this line in dynlist_search():
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_5_14/se...
That way the member searches are excluded, but dynlists otherwise work as expected.
Here is the dynlist config we're using, just basic support for groupOfURLs/memberURL:
overlay dynlist dynlist-attrset groupOfURLs memberURL member
Is there some way to achieve my goal without having to patch the code? Or should I open an ITS feature request to add a configurable option to exclude dynlists from member searches?
Thanks,
-Kartik
openldap-technical@openldap.org