[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6290) Faulty documentation for dynamic groups in Admin Guide

Full_Name: Ryan Steele
Version: 2.4.18
OS: Ubuntu
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

In the following example, entries with the 'groupOfNames' object class trigger
an expansion on the 'labeledURI' attribute.  The query executed by the
labeledURI attribute returns entries of type 'member'.  According to section
12.7.2 of the Admin Guide, this is acceptable and is in fact the example used,
yet core.schema defines the 'member' attribute as a 'MUST' for the groupOfNames
objectClass, causing this error:

ldapadd -x -D cn=admin,dc=example,dc=com -w SECRET
dn: cn=dev,ou=Groups,dc=example,dc=com
ou: Groups
cn: dev
objectClass: groupOfNames
description: A group containing the dn for each of the developers
labeledURI: ldap:////ou=Users,dc=example,dc=com?uid?sub?(&(employeeType=Developer)(objectClass=exampleEmployee))

adding new entry "cn=dev,ou=Groups,dc=example,dc=com"
ldap_add: Object class violation (65)
	additional info: object class 'groupOfNames' requires attribute 'member'