LDAP cannot enable attribute memberOf
Here is my configuration
Code:
root@dev-ldap1:/etc/ldap/slapd.d/cn=config# cat cn\=module\{0\}.ldif Code:
root@dev-ldap1:~# cat vpn.group.ldif Code:
root@dev-ldap1:~# slapadd -c -v -l vpn.group.ldif Thank you so much. |
member isn't a valid attribute of posixGroup. Try memberUid http://ldap.akbkhome.com/index.php/o...html#memberUid
|
Quote:
I tried to use attribute member with objectclass groupOfNames, Adding is ok. Code:
root@dev-ldap1:~# cat ou2.ldif Code:
root@dev-ldap1:~# ldapsearch -x cn=testgroup Code:
root@dev-ldap1:~# ldapsearch -x uid=test1 memberOf |
your ldifs and searches appear to have nothing to do with one another. What are you trying to achieve?? There is no mention of memberOf at all, outside of you saying it doesn't work. Why do you think it should work in the first place? Note though that your search there DOES work just fine, there is simply no data returned as there is apparently nothing using memberOf in the first place.
|
Quote:
I want to search User specifically to find which groups that user belong to. I tried to do like http://www.openldap.org/doc/admin24/...%20Maintenance and http://serverfault.com/questions/732...penldap-server and want to see memberOf in Search result, if test1 is member of group testgroup, like this Code:
# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf |
yea, but there clearly IS no "memberOf" attribute to show. Are you expecting it to magically appear by virtue of the corresponding "member" attribute existing in the group? LDAP in itself doesn't do that, it doesn't put a context on these attributes, they are just strings of data, and don't mean anything until use use them accordingly.
|
Quote:
I have to give data memberof directly to Users, like this .ldif file. Code:
root@dev-ldap1:~# cat ou2.ldif Code:
root@dev-ldap1:~# ldapsearch -x uid=test1 memberOf Thank you so much, acid_kewpie. |
about this overlay
In my tests , I this overlay doesn't works properly !
maybe we need some help from "white ninja with the hair in eye from the north of china " techniques ? and if we need to put manually the member of attrs, what is the purpose of this overlay???? cheers |
please don't hijack other threads.
The use of an overlay / schema extension is to provide the framework of metadata to allow the attributes to exist correctly and in a controlled manner. it doesn't just add them for you, as that doesn't really make any sense. It gives you the ability to add them yourself. LDAP schemas are a LOT more complicated that you probably think they are. |
sorry I need post this to free my account.
---------- Post added 03-13-12 at 07:57 AM ---------- ok acid_kewpie you can explain more this point? becose, reading http://www.openldap.org/doc/admin24/overlays.html "The memberof overlay updates an attribute (by default memberOf) whenever changes occur to the membership attribute (by default member) of entries of the objectclass (by default groupOfNames) configured to trigger updates. Thus, it provides maintenance of the list of groups an entry is a member of, when usual maintenance of groups is done by modifying the members on the group entry." this make me think that the memberof overlay will update this attributes automatically in previous accord with http://linux.die.net/man/5/slapo-memberof reading this another post http://serverfault.com/questions/732...penldap-server , we can see the same example, and the autor not add previouslly memberof attribute at the user object. Sorry, it I am insistent with this, but I wish to use this resource. |
reply
Quote:
Your reply to my post don help anything. Could you please , if not know about this issue , leave the tread for other real contributions. salute |
Quote:
|
if I need manage manually the attribut memberof at user what I would use the memeberOf.
I remove the overlay, and insert manually, and this works. userX@pc42818:~/LDAP$ ldapsearch -LL -x -b dc=example,dc=com "(uid=test1)" memberOf version: 1 dn: uid=test1,ou=People,dc=example,dc=com memberOf: cn=testgroup,ou=Group,dc=example,dc=com but this not sense, if it is true, what the real advantage to use the overlay memberOf? if somebody know, please tell me. |
the real advantage is the bidirectional availability of data. It's taking these variables, the member attribute in a group, and the memberOf attribute on a user object. These fields are just arbitrary items of data by default, they don't *mean* anything at all. The overlay makes them become associated with one another, and updates the peer object's attribute automatically, meaning you have different ways to manipulate the data.
|
All times are GMT -5. The time now is 12:09 PM. |