Re: status of dyngroup/dynlist?

[Ben Poliakoff <benp@reed.edu>]

* Pierangelo Masarati <ando@sys-net.it> [20050520 03:31]:

> > memberURL:
> > ldap:///ou=People,dc=example,dc=com?sub?(&(objectClass=posixaccount)
> >  (gidnumber=123))
> >
> > memberURL:
> > ldap:///ou=People,dc=example,dc=com?sub?(objectclass=groupofnames)
> 
> Neither fo the above is a valid LDAP URL; I'd check
> rfc2255/draft-ietf-ldapbis-url for the correct syntax, based on what you
> expect it to do.
> 

Thanks for pointing me in the right direction.  I looked at rfc2255 and
figured out the problem with my URLs.

And for the sake of the readers of the archives of this list, the
problem was that I was missing a question mark delimiter for the
attributes being requested by the search.  In the case of a dyngroup one
doesn't want any attributes returned (just the matching DNs to populate
the member attribute of my dyngroup); but you still need the delimiter
even if the field being delimited is empty.

So my original URL didn't work:

    ldap:///ou=People,dc=example,dc=com?sub?(objectclass=groupofnames)

Here's fixed version of the URL (note the extra question mark):

    ldap:///ou=People,dc=example,dc=com??sub?(objectclass=groupofnames)

And if I were trying to retrieve a specific attribute ("cn", for
instance) it would be:

    ldap:///ou=People,dc=example,dc=com?cn?sub?(objectclass=groupofnames)

My dyngroups are working now.

Thanks again,

Ben