Hello, all. We have a multi-tenant set up where each client has a group which contains all their internal users. We thought we would save time by creating a dynamic group using a filter such as: ldap:///ou=internal,ou=users,dc=X,dc=com,dc=ssiservices, dc=biz??sub?(&(objectclass=person)(uid=*)) This appears to work and adequately populates the group. However, when the user logs in to a Linux system, the Linux system queries for group membership. We are noticing that we do not get any results when using dynamic groups. If we make the same group managed, we see the group membership. Notice these two records from the access log (truncated because of screen scraping): filter="(&(objectClass=posixGroup)(|(memberUid=te.kee)(uniqueMember=uid=te.kee,ou=internal,ou=Users,dc=ebc-co,dc=com,dc=ssiservices,dc= RESULT err=0 tag=101 nentries=1 etime=0 N.B. we have an entry. This used managed groups. When we change to dynamic groups, we see this: filter="(&(objectClass=posixGroup)(|(memberUid=te.kee)(uniqueMember=uid=te.kee,ou=internal,ou=Users,dc=ebc-co,dc=com,dc=ssiservices,dc RESULT err=0 tag=101 nentries=0 etime=0 N.B. no entries! Have we done something wrong? Is this a bug or is it the way it is supposed to work? Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan at opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society
