[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#4831) dynlist returns bad data
quanah@stanford.edu wrote:
>
> --On Friday, February 02, 2007 8:26 PM +0000 quanah@stanford.edu wrote:
>
>> Full_Name: Quanah Gibson-Mount
>> Version: 2.3.33
>> OS: Linux 2.6 (64-bit)
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (171.64.19.81)
>>
>>
>> In doing a base query of a dynamic group I had created, I found that the
>> information returned when using the dynlist overlay is bogus.
>
> And what I expected to see was something more along the lines of:
>
> dn: cn=registry-consult,cn=groups,cn=applications,dc=stanford,dc=edu
> objectClass: groupOfURLs
> cn: registry-consult
> memberURL:
> ldap:///cn=people,dc=stanford,dc=edu??sub?(suprivilegegroup=value:value2)
One of the distinguishing features of the dynlist overlay is that it can
actually __create__ a dynamic view of the listed data by collecting all
values of all attributes (honoring few constraints, like all additional
values of single-valued attributes get discarded; I believe in HEAD code
it also avoids merging other structural objectClasses unless they fit
into the hierarchy of the current structuralObjectClass). To limit
this, you can use the <attrs> field of the URL, so that only the listed
attrs are actually merged. Or, if you want it to behave exactly like a
group, you should configure it with the <member-ad> field:
dynlist-attrset <group-oc> <URL-ad> [<member-ad>]
The value <group-oc> is the name of the objectClass that trig-
gers the dynamic expansion of the data.
The value <URL-ad> is the name of the attributeDescription that
cointains the URI that is expanded by the overlay; if none is
present, no expansion occurs. If the intersection of the
attributes requested by the search operation (or the asserted
attribute for compares) and the attributes listed in the URI is
empty, no expansion occurs for that specific URI. It must be a
subtype of labeledURI.
The value <member-ad> is optional; if present, the overlay
behaves as a dynamic group: this attribute will list the DN of
the entries resulting from the internal search. In this case,
the <attrs> portion of the URI must be absent, and the DNs of
all the entries resulting from the expansion of the URI are
listed as values of this attribute. Compares that assert the
value of the <member-ad> attribute of entries with <group-oc>
objectClass apply as if the DN of the entries resulting from
the expansion of the URI were present in the <group-oc> entry
as values of the <member-ad> attribute.
To see what you expect, you need to add the manageDSAit control (I
believe this is undocumented; I'll fix it in a moment).
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------