[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-technical
Subject: Re: olcLimits and groupOfURLs dynlist
From: Norman Gray <gray () nxg ! name>
Date: 2024-02-08 17:41:57
Message-ID: 59DF247E-D873-45C4-83D1-3D761179CB5B () nxg ! name
[Download RAW message or body]
Howard, hello.
On 8 Feb 2024, at 16:22, Howard Chu wrote:
>> And slapo-dynlist says:
>>
>> Any time an entry with a specific objectClass is being returned,
>> the LDAP URI-valued occurrences of a specific attribute are expanded
>> into the corresponding entries, and the values of the attributes liste=
d
>> in the URI are added to the original entry.
>
> The text above is for a *dynamic list* - which is not a *dynamic group*=
=2E
Sure -- no dispute about that.
But we're talking about olcLimits.
The documentation for olcLimits includes the words
the oc group objectClass (default groupOfNames) whose DN exactly matc=
hes pattern.
That doesn't say anything about restricting these to 'dynamic groups' (in=
slapo-dynlist terminology). Those words seem to cover any entry of the =
designated objectClass which has the designated DN.
The olcLimits declaration I quoted works one way when the entry with the =
given DN is a static/normal/explicit group, and works a different way whe=
n an entry with the same DN and the _same_ set of 'member' attributes is =
produced on expansion by dynlist. The documentation of olcLimits doesn't=
suggest that's deliberate.
Again, if OpenLDAP/dynlist is incapable of generating this entry, then th=
at's fine -- I'll bodge some different way of getting what I need.
Best wishes,
Norman
-- =
Norman Gray : https://nxg.me.uk
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic