Red Hat Directory Server does not expand 'memberURL' to retrieve dynamic members in ldapsearch operations
Issue
- Red Hat Directory Server dynamic group is created as following:
dn: cn=dynamicgroup,dc=example,dc=com
cn: dynamicgroup
member: uid=static_member,ou=itgroup,dc=example,dc=com
memberURL: ldap:///ou=itgroup,dc=example,dc=com??one?(nsRoleDN=cn=dynamic_members)
objectClass: top
objectClass: groupOfNames
objectClass: groupOfUniqueNames
objectClass: groupOfUrls
- ldapsearch for members of above group only returns static members:
# ldapsearch -x -D "cn=Directory Manager" -w password -H ldap://ldapserver.example.com "memberOf=cn=dynamicgroup,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: memberOf=cn=dynamicgroup,dc=example,dc=com
# requesting: ALL
#
# static_member, itgroup, example.com
dn: uid=static_member,ou=itgroup,dc=example,dc=com
memberOf: cn=dynamicgroup,dc=example,dc=com
uid: static_member
givenName: John Smith
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: nsMemberOf
sn: Smith
cn: John
userPassword:: e1BCS0RGMl9TSEEyNTZ9QUFBSUFFRWNGdXdpa3lBZ3JqMGtHSERUOW5aRmJvaDc
0OG1SbUhmVmlxNHRyTlpIdFh5T2dOMTNiQjNQbVFvUXQ1UGd0M0ZKZW5hQ1ExbG9DMUFXbHozcnJx
VDlaYVhzU21weDVwZ2VjVEJ3Yk9NM1BkNjQxUGRPVk5SS2l5cGpCVHk2VUZwLzg1UkFhN2l5cVFlZ
postalCode: 1690853535356488
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
- All other member have the attribute nsRoleDN, like:
nsRoleDN: cn=dynamic_members
but were not returned during the ldapsearch
Environment
- Red Hat Directory Server 11
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.