[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using dyngroup

--On Monday, February 21, 2005 1:30 PM +0100 Josà Accino <accino@uma.es> wrote:

El Fri, 18 Feb 2005 09:44:06 -0800 Quanah Gibson-Mount
<quanah@stanford.edu> escribiÃ:

As I recall, the dynamic group overlay only lets you compare whether
or not someone is a member of a group, and does not create lists of
members for searches.


Thanks. In that case, are there somewhere any samples about setting up slapd.conf and making those comparisons? I've been looking at the archives of the lists but I'm unable to find any hints...

The first thing you have to do is add the dynamic group overlay using the:

overlay dyngroup


Then read slapd.access(5) man page.

" For static groups, the  specified  attributeType  must  have
    DistinguishedName  or NameAndOptionalUID syntax. For dynamic
    groups the attributeType must be a subtype of the labeledURI
    attributeType.     Only    LDAP    URIs    of    the    form
    ldap:///<base>??<scope>?<filter>  will  be  evaluated  in  a
    dynamic group, by searching the local server only."


-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin