[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    Re: olcLimits and groupOfURLs dynlist
From:       Norman Gray <gray () nxg ! name>
Date:       2024-02-08 17:41:57
Message-ID: 59DF247E-D873-45C4-83D1-3D761179CB5B () nxg ! name
[Download RAW message or body]


Howard, hello.

On 8 Feb 2024, at 16:22, Howard Chu wrote:

>> And slapo-dynlist says:
>>
>> Any time an entry with a specific objectClass is being returned,
>> the LDAP URI-valued occurrences of a specific attribute are expanded
>> into the corresponding entries, and the values of the attributes liste=
d
>> in the URI are added to the original entry.
>
> The text above is for a *dynamic list* - which is not a *dynamic group*=
=2E

Sure -- no dispute about that.

But we're talking about olcLimits.

The documentation for olcLimits includes the words

    the oc group objectClass (default groupOfNames) whose DN exactly matc=
hes pattern.

That doesn't say anything about restricting these to 'dynamic groups' (in=
 slapo-dynlist terminology).  Those words seem to cover any entry of the =
designated objectClass which has the designated DN.

The olcLimits declaration I quoted works one way when the entry with the =
given DN is a static/normal/explicit group, and works a different way whe=
n an entry with the same DN and the _same_ set of 'member' attributes is =
produced on expansion by dynlist.  The documentation of olcLimits doesn't=
 suggest that's deliberate.

Again, if OpenLDAP/dynlist is incapable of generating this entry, then th=
at's fine -- I'll bodge some different way of getting what I need.

Best wishes,

Norman


-- =

Norman Gray  :  https://nxg.me.uk
[prev in list] [next in list] [prev in thread] [next in thread]