Red Hat Directory Server does not expand 'memberURL' to retrieve dynamic members in ldapsearch operations

Solution Verified - Updated -

Issue

  • A Red Hat Directory Server dynamic group is created as follows:
dn: cn=dynamicgroup,dc=example,dc=com
cn: dynamicgroup
member: uid=static_member,ou=itgroup,dc=example,dc=com
memberURL: ldap:///ou=itgroup,dc=example,dc=com??one?(nsRoleDN=cn=dynamic_members)
objectClass: top
objectClass: groupOfNames
objectClass: groupOfUniqueNames
objectClass: groupOfUrls
  • An ldapsearch for members of the above group returns only the static members:
# ldapsearch -x -D "cn=Directory Manager" -w password -H ldap://ldapserver.example.com "memberOf=cn=dynamicgroup,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: memberOf=cn=dynamicgroup,dc=example,dc=com
# requesting: ALL
#

# static_member, itgroup, example.com
dn: uid=static_member,ou=itgroup,dc=example,dc=com
memberOf: cn=dynamicgroup,dc=example,dc=com
uid: static_member
givenName: John Smith
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: nsMemberOf
sn: Smith
cn: John
userPassword:: e1BCS0RGMl9TSEEyNTZ9QUFBSUFFRWNGdXdpa3lBZ3JqMGtHSERUOW5aRmJvaDc
 0OG1SbUhmVmlxNHRyTlpIdFh5T2dOMTNiQjNQbVFvUXQ1UGd0M0ZKZW5hQ1ExbG9DMUFXbHozcnJx
 VDlaYVhzU21weDVwZ2VjVEJ3Yk9NM1BkNjQxUGRPVk5SS2l5cGpCVHk2VUZwLzg1UkFhN2l5cVFlZ
postalCode: 1690853535356488

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
  • All other members have the nsRoleDN attribute (for example, nsRoleDN: cn=dynamic_members) but were not returned by the ldapsearch
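
The memberURL value above is an LDAP URL (RFC 4516) carrying a base DN, attribute list, scope and filter. As an added example (not part of the original article and not Red Hat's code), the sketch below parses that URL and builds the equivalent ldapsearch call a client can run to list the dynamic members itself, for instance when reviewing who the group actually covers; the function names are hypothetical, and the bind DN and server URI are the ones used in the search on this page.

```python
import shlex
from urllib.parse import unquote

# memberURL copied from the group entry on this page.
MEMBER_URL = "ldap:///ou=itgroup,dc=example,dc=com??one?(nsRoleDN=cn=dynamic_members)"


def parse_member_url(url):
    """Split an RFC 4516 LDAP URL into host, base DN, attributes, scope and filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    hostport, _, path = rest.partition("/")
    # After the DN come '?'-separated fields: attributes, scope, filter, extensions.
    fields = path.split("?", 4) + [""] * 4
    # Percent-decode only after splitting, so an encoded '?' stays inside its field.
    dn, attrs, scope, flt = (unquote(f) for f in fields[:4])
    scope = scope.lower() or "base"          # RFC 4516 default scope
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"unsupported scope: {scope!r}")
    return {
        "host": hostport,
        "base": dn,
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope,
        "filter": flt or "(objectClass=*)",  # RFC 4516 default filter
    }


def ldapsearch_argv(url, server_uri, bind_dn):
    """Build the ldapsearch argument list for the search the memberURL describes."""
    p = parse_member_url(url)
    # -W prompts for the bind password; "1.1" requests no attributes (DNs only).
    return ["ldapsearch", "-x", "-D", bind_dn, "-W", "-H", server_uri,
            "-b", p["base"], "-s", p["scope"], p["filter"], "1.1"]


if __name__ == "__main__":
    argv = ldapsearch_argv(MEMBER_URL, "ldap://ldapserver.example.com",
                           "cn=Directory Manager")
    print(shlex.join(argv))
```

The DNs this search returns, combined with the group's static member values, give the full membership that the memberOf filter alone does not show.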

Environment

  • Red Hat Directory Server 11
