[Date Prev][Date Next] [Chronological] [Thread] [Top]

Dynamic groups



Quanah Gibson-Mount said:
> There is documentation in slapd.access on how to set up the ACL rules
> for a  dynamic group... I can provide you an example here of what I've
> done for  our testing purposes.
>
> I created an ACL for a dynamic group called
> "cn=itss,cn=applications,dc=stanford,dc=edu"
>
> The ACL looks like this:
[much snipped]

I'm a little confused by this.  You and Howard have made references to
dynamic groups in an ACL context... does this mean that dynamic groups
only work in access statements in slapd.conf?

I've built the OPENLDAP_REL_ENG_2_2 branch, and added an object thusly:

dn: cn=dyntest,ou=group,dc=quris,dc=com
objectclass: groupOfURLs
objectclass: top
cn: dyntest
memberURL: ldap:///ou=people,dc=quris,dc=com??sub?(o=Quris)

(Server is including the dyngroup.schema)

When I query against the dyntest object, all I get is the
object/attributes as I added them, not an enumeration based on the
memberURL expression.

Do I misunderstand the purpose of the implementation?  Is there a missing
step?  I realize the CVS implmentation may not be complete, just trying to
understand what is coming.  Thanks for your indulgence.
-Alan

===========
Alan Sparks, UNIX/Linux Systems Administrator    <asparks@doublesparks.net>