Hmm, thinking about this some more... slapo-dynlist(5) says:
"dynamically added attributes do not participate in the filter matching phase of the search request handling." This is a big drawback of slapo-dynlist rendering the work-arounds mentioned in ITS#8613 nearly useless. I have to step back a bit: Why is 'memberOf' not replicated? I vaguely remember other issues: https://www.openldap.org/its/index.cgi?findid=6915 https://www.openldap.org/its/index.cgi?findid=6766 https://www.openldap.org/its/index.cgi?findid=7710 But I wonder whether the real underlying issues might have been fixed in 2.4.x releases. How much effort is it to try to replicate 'memberOf' attribute again? Ciao, Michael.
