From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 10 Nov 2020 22:38:10 +0000 (+0000)
Subject: Add documentation on ACL requirements for psuedo-attribute entryDN
X-Git-Tag: OPENLDAP_REL_ENG_2_5_1ALPHA~18^2~226
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4041848587fe7b840dc6cfad480a037fe4c78cd9;p=thirdparty%2Fopenldap.git

Add documentation on ACL requirements for psuedo-attribute entryDN
Also fix up the example for replacing the memberOf overlay
---

diff --git a/doc/man/man5/slapo-dynlist.5 b/doc/man/man5/slapo-dynlist.5
index c10eb8a8d5..a6f2d6af16 100644
--- a/doc/man/man5/slapo-dynlist.5
+++ b/doc/man/man5/slapo-dynlist.5
@@ -143,6 +143,9 @@ to expand the group.
 Values of the 
 .B dgAuthz
 attribute must conform to the (experimental) \fIOpenLDAP authz\fP syntax.
+When using dynamic memberOf in search filters, search access to the
+.B entryDN
+pseudo-attribute is required.
 
 .SH EXAMPLE
 This example collects all the email addresses of a database into a single
@@ -221,7 +224,7 @@ attribute to all the members of a dynamic group:
 
 
 This example extends the dynamic memberOf feature to add the
-.B dgMemberOf
+.B memberOf
 attribute to all the members of both static and dynamic groups:
 .LP
 .nf
@@ -232,7 +235,7 @@ attribute to all the members of both static and dynamic groups:
     # ...
 
     overlay dynlist
-    dynlist\-attrset groupOfURLs memberURL member+dgMemberOf@groupOfNames
+    dynlist\-attrset groupOfURLs memberURL member+memberOf@groupOfNames
 .fi
 .LP
 This dynamic memberOf feature can fully replace the functionality of the