Environment
Novell eDirectory 8.8
Novell eDirectory 8.7.3
Situation
After creating a dynamic group in iManager, if you then query the
group through an LDAP browser it will fail and a -306 error is
returned if looking at a LAN or LDAP trace.
Resolution
In the list of attribute mappings for the LDAP Group object check
the mapping for memberQuery. The memberQuery attribute should be
mapped to memberQueryURL and not memberURL. Check the alternate
mappings as well as the primary mapping.
If memberQuery is mapped to memberURL it will cause the memberQuery attribute of the dynamic group to be populated incorrectly when it is created or edited. Since the attribute is saved incorrectly just removing the memberURL attribute mapping and restarting LDAP will not fix the existing dynamic group. Once the incorrect mapping is removed and LDAP is restarted you will need to edit the dynamic group and re-enter the member query so it can be saved in the correct syntax.
If memberQuery is mapped to memberURL it will cause the memberQuery attribute of the dynamic group to be populated incorrectly when it is created or edited. Since the attribute is saved incorrectly just removing the memberURL attribute mapping and restarting LDAP will not fix the existing dynamic group. Once the incorrect mapping is removed and LDAP is restarted you will need to edit the dynamic group and re-enter the member query so it can be saved in the correct syntax.