.B dynlist
overlay to
.BR slapd (8)
-allows expansion of dynamic groups and more.
+allows expansion of dynamic lists and groups.
Any time an entry with a specific objectClass (defined in the overlay configuration) is being returned,
the LDAP URI-valued occurrences of a specific attribute (also defined in the overlay configuration) are
-expanded into the corresponding entries, and the values
-of the attributes listed in the URI are added to the original
+expanded into the corresponding entries.
+
+For a dynamic list, the values
+of the attributes listed in the URI are added from the matching entries to the original
entry.
No recursion is allowed, to avoid potential infinite loops.
-
The resulting entry must comply with the LDAP data model, so constraints
are enforced.
For example, if a \fISINGLE\-VALUE\fP attribute is listed,
only the first value found during the list expansion appears in the final entry.
+
+For a dynamic group, the DNs of the matching entries are added to a member attribute
+in the original entry.
+
All dynamic behavior is disabled when the \fImanageDSAit\fP
control (RFC 3296) is used.
-In that case, the contents of the dynamic group entry is returned;
+In that case, the contents of the original entry is returned;
namely, the URLs are returned instead of being expanded.
.SH CONFIGURATION
.B overlay
directive.
.TP
-.B dynlist\-attrset <group-oc> [<URI>] <URL-ad> [[<mapped-ad>:]<member-ad>[+<memberOf-ad[@<static-oc>[*]] ...]
+.B dynlist\-attrset <group-oc> [<URI>] <URL-ad> [options]
+
The value
.B group\-oc
is the name of the objectClass that triggers the dynamic expansion of the
in the URI is empty, no expansion occurs for that specific URI.
It must be a subtype of \fIlabeledURI\fP.
-The value
+The remaining options depend on whether a dynamic list or a dynamic group
+is being configured.
+
+For a dynamic list, the allowed options have the form
+
+.B [<mapped-ad>:<list-ad> ...]
+
+The
+.B mapped-ad
+can be used to remap attributes obtained through expansion.
+The
+.B list-ad
+must be one of the attributes returned in the expansion of the URIs in the
+.B URL-ad
+attribute of the dynamic entry. Multiple mapping statements can be used.
+Note that in order for dynamic lists
+to be usable in a search filter, the dynamic attributes to be filtered
+must be explicitly mapped. They can be mapped to themselves
+if no transformation is required.
+
+For a dynamic group, the allowed options are
+
+.B <member-ad>[+<memberOf-ad>[@<static-oc>[*]]]
+
+The
.B member-ad
-is optional; if present, the overlay behaves as a dynamic group: this
+is required; this
attribute will list the DN of the entries resulting from the internal search.
In this case, the \fIattrs\fP portion of the URIs in the
.B URL-ad
populated recursively, for nested groups. Note that currently nesting is
only supported for Search operations, not Compares.
-Alternatively,
-.B mapped-ad
-can be used to remap attributes obtained through expansion.
-.B member-ad
-attributes are not filled by expanded DN, but are remapped as
-.B mapped-ad
-attributes. Multiple mapping statements can be used. The
-.B memberOf-ad
-option is not used in this case. Note that in order for dynamic lists
-to be usable in a search filter, the dynamic attributes to be filtered
-in the list must be explicitly mapped. They can be mapped to themselves
-if no transformation is required.
-
.LP
The dynlist overlay may be used with any backend, but it is mainly
intended for use with local storage backends.
projects / thirdparty / openldap.git / commitdiff
