[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4443) ldapsearch for dyngroup members does not work



> Issueing the following ldapsearch I'd expect it to both group entries:
> ldapsearch -b "ou=Tomcat_Roles,dc=o2online,dc=de" -D "<rootdn>" -H
> ldap://<ip>
> -WxZZLLL "(uniqueMember=uid=root,ou=tomcat_users,dc=o2online,dc=de)"

Your expectation is incorrect, since your search uses a base which differs
from the DN of the dynamic group.  Dynamic group expansion occurs when a
dynamic group is being returned by a search, so it occurs __after__ a
filter is applied, and your filter cannot match the dynamic object
__before__ expansion.  Either you filter for data that is statically in
the dynamic object, or access it by DN doing a base search.

p.



Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------