From 4041848587fe7b840dc6cfad480a037fe4c78cd9 Mon Sep 17 00:00:00 2001 From: Quanah Gibson-Mount Date: Tue, 10 Nov 2020 22:38:10 +0000 Subject: [PATCH] Add documentation on ACL requirements for psuedo-attribute entryDN Also fix up the example for replacing the memberOf overlay --- doc/man/man5/slapo-dynlist.5 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/man/man5/slapo-dynlist.5 b/doc/man/man5/slapo-dynlist.5 index c10eb8a8d5..a6f2d6af16 100644 --- a/doc/man/man5/slapo-dynlist.5 +++ b/doc/man/man5/slapo-dynlist.5 @@ -143,6 +143,9 @@ to expand the group. Values of the .B dgAuthz attribute must conform to the (experimental) \fIOpenLDAP authz\fP syntax. +When using dynamic memberOf in search filters, search access to the +.B entryDN +pseudo-attribute is required. .SH EXAMPLE This example collects all the email addresses of a database into a single @@ -221,7 +224,7 @@ attribute to all the members of a dynamic group: This example extends the dynamic memberOf feature to add the -.B dgMemberOf +.B memberOf attribute to all the members of both static and dynamic groups: .LP .nf @@ -232,7 +235,7 @@ attribute to all the members of both static and dynamic groups: # ... overlay dynlist - dynlist\-attrset groupOfURLs memberURL member+dgMemberOf@groupOfNames + dynlist\-attrset groupOfURLs memberURL member+memberOf@groupOfNames .fi .LP This dynamic memberOf feature can fully replace the functionality of the