slapo-dyngroup - Man Page

Dynamic Group overlay to slapd

Synopsis

/etc/openldap/slapd.conf

Description

The Dynamic Group overlay allows clients to use LDAP Compare operations to test the membership of a dynamic group the same way they would check against a static group. Compare operations targeting a group's static member attribute will be intercepted and tested against the configured dynamic group's URL attribute.

Note that this intercept only happens if the actual Compare operation does not return a LDAP_COMPARE_TRUE result. So if a group has both static and dynamic members, the static member list will be checked first.

Configuration

This slapd.conf option applies to the Dynamic Group overlay. It should appear after the overlay directive.

attrpair <memberAttr> <URLattr>

Specify the attributes to be compared. A compare operation on the memberAttr will cause the URLattr to be evaluated for the result.

Examples

  database mdb
  ...
  overlay dyngroup
  attrpair member memberURL

Files

/etc/openldap/slapd.conf

default slapd configuration file

Backward Compatibility

The dyngroup overlay has been reworked with the 2.5 release to use a consistent namespace as with other overlays. As a side-effect the following cn=config parameters are deprecated and will be removed in a future release: olcDGAttrPair is replaced with olcDynGroupAttrPair olcDGConfig is replaced with olcDynGroupConfig

See Also

slapd.conf(5), slapd-config(5).

Author

Howard Chu

Referenced By

slapd.overlays(5).

2022/07/14 OpenLDAP 2.6.3