slapo-dyngroup - Dynamic Group overlay to slapd
/etc/ldap/slapd.conf
The Dynamic Group overlay allows clients to use LDAP Compare operations to test
the membership of a dynamic group the same way they would check against a
static group. Compare operations targeting a group's static member attribute
will be intercepted and tested against the configured dynamic group's URL
attribute.
Note that this intercept only happens if the actual Compare operation does not
return a LDAP_COMPARE_TRUE result. So if a group has both static and dynamic
members, the static member list will be checked first.
This
slapd.conf option applies to the Dynamic Group overlay. It should
appear after the
overlay directive.
- attrpair <memberAttr> <URLattr>
- Specify the attributes to be compared. A compare operation
on the memberAttr will cause the URLattr to be evaluated for
the result.
database mdb
...
overlay dyngroup
attrpair member memberURL
- /etc/ldap/slapd.conf
- default slapd configuration file
The dyngroup overlay has been reworked with the 2.5 release to use a consistent
namespace as with other overlays. As a side-effect the following cn=config
parameters are deprecated and will be removed in a future release:
olcDGAttrPair is replaced with olcDynGroupAttrPair
olcDGConfig
is replaced with olcDynGroupConfig
slapd.conf(5),
slapd-config(5).
Howard Chu