On Wednesday, February 17, 2016 10:17:40 AM William Brown wrote:
On Tue, 2016-02-16 at 12:54 +0100, Frank Munsche wrote:
> Hi guys,
> how can I determine the members of a dynamic group? After some research,
> it is still not obvious to me. There is an example at page 220 of the
> redhat directory server adm guide at:
> Within the 389 console you can list the members of the dynamic group using
> the 'test' button. Unfortunately, I'm using a stripped down
> of 389 without the admin server. But it should be possible to list the
> members of a dynamic group using ldapsearch, or?
> I've tried to query the dyn group object itself, but the members are
> ldapsearch -H ldap://ldap.example.org
-D "cn=directory manager" -W -Z
> -b 'cn=admin,ou=sampleapp,ou=appgroups,dc=example,dc=org'
> dn: cn=admin,ou=sampleapp,ou=appgroups,dc=example,dc=org
> objectClass: top
> objectClass: groupOfUniqueNames
> objectClass: groupOfURLs
> cn: admin
> description: sampleapp admin users dyn group
> memberURL: ldap:///ou=people,dc=example,dc=org??sub?(&(objectclass=pers
You can test this by running an ldap search as:
ldapsearch -b ou=people,dc=example,dc=org -s sub
OpenLDAP has an "overlay" which allows the memberUrl to be expanded during a
search request into "member" attrs on the groupOfUrls.
Right now, we don't have this in 389-ds.
If you have an account on fedorahosted, we would really appreciate you
lodging a ticket about this.
Otherwise, you need to do the expansion by hand.
Sorry about that,
thank you for the explanation. Does this mean, whenever an application
accesses the dynamic group, the memberURL attribute(s) will be sent back to
the app? After this, it's on the application to create a new ldap operation
using the parts of the memberURL ?
But if so, the host part of the url would not be correct, or? ldap:///
refers to the local directory server itself. Means, to get it working, there
must be the name of the directory server included as like
thank you very much ,
I'm still wondering if dynamic groups of 389-ds work at all right now.