[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More on dynamic group searches



Ian Collins wrote:
Hello,

This is my first post here, so if I'm going over old ground, please let
me know (I have searched).

I have looked through the archives and reached the conclusion that there
isn't a convenient means of searching for groups based on a dynamic
entry.  For example, if I have a dynlist entry containing

olcDlAttrSet: {0}groupOfURLs memberURL uniqueMember

uniqueMember is dynamically added to search results, but can't be part
of the search.

Is this conclusion correct?

Yes.

I am migrating a client over from Sun's directory manager (which does
allow searching on dynamic attributes) to OpenLDAP, so I have to support
all the client applications that currently authenticate against and use
LDAP.  For example:

filter="(&(objectClass=posixGroup)(uniqueMember=cn=Admins,ou=groups,o=staff,dc=company))"
attrs="gidNumber"

Don't use dynamic groups then. Use autogroups.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/