[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4831) dynlist returns bad data

quanah@stanford.edu wrote:
> --On Friday, February 02, 2007 8:26 PM +0000 quanah@stanford.edu wrote:
>> Full_Name: Quanah Gibson-Mount
>> Version: 2.3.33
>> OS: Linux 2.6 (64-bit)
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (
>> In doing a base query of a dynamic group I had created, I found that the
>> information returned when using the dynlist overlay is bogus.
> And what I expected to see was something more along the lines of:
> dn: cn=registry-consult,cn=groups,cn=applications,dc=stanford,dc=edu
> objectClass: groupOfURLs
> cn: registry-consult
> memberURL: 
> ldap:///cn=people,dc=stanford,dc=edu??sub?(suprivilegegroup=value:value2)

One of the distinguishing features of the dynlist overlay is that it can
actually __create__ a dynamic view of the listed data by collecting all
values of all attributes (honoring few constraints, like all additional
values of single-valued attributes get discarded; I believe in HEAD code
it also avoids merging other structural objectClasses unless they fit
into the hierarchy of the current structuralObjectClass).  To limit
this, you can use the <attrs> field of the URL, so that only the listed
attrs are actually merged.  Or, if you want it to behave exactly like a
group, you should configure it with the <member-ad> field:

 dynlist-attrset <group-oc> <URL-ad> [<member-ad>]
        The  value <group-oc> is the name of the objectClass that trig-
        gers the dynamic expansion of the data.

        The value <URL-ad> is the name of the attributeDescription that
        cointains  the  URI that is expanded by the overlay; if none is
        present, no expansion  occurs.   If  the  intersection  of  the
        attributes  requested  by the search operation (or the asserted
        attribute for compares) and the attributes listed in the URI is
        empty, no expansion occurs for that specific URI.  It must be a
        subtype of labeledURI.

        The value <member-ad> is  optional;  if  present,  the  overlay
        behaves  as a dynamic group: this attribute will list the DN of
        the entries resulting from the internal search.  In this  case,
        the  <attrs>  portion of the URI must be absent, and the DNs of
        all the entries resulting from the expansion  of  the  URI  are
        listed  as  values of this attribute.  Compares that assert the
        value of the <member-ad> attribute of entries  with  <group-oc>
        objectClass  apply  as  if the DN of the entries resulting from
        the expansion of the URI were present in the  <group-oc>  entry
        as values of the <member-ad> attribute.

To see what you expect, you need to add the manageDSAit control (I
believe this is undocumented; I'll fix it in a moment).


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it