LinuxQuestions.org


xuta 02-03-2012 12:24 PM

LDAP cannot enable attribute memberOf
 
Here is my configuration
Code:

root@dev-ldap1:/etc/ldap/slapd.d/cn=config# cat cn\=module\{0\}.ldif
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}memberof
structuralObjectClass: olcModuleList
entryUUID: c27bf3ce-e2dc-1030-9d8e-73630c24e03e
creatorsName: cn=admin,cn=config
createTimestamp: 20120203180054Z
entryCSN: 20120203180054.069719Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120203180054Z
root@dev-ldap1:/etc/ldap/slapd.d/cn=config# cat olcDatabase\=\{1\}hdb/olcOverlay\=\{0\}memberof
dn: olcOverlay={0}memberof
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {0}memberof
structuralObjectClass: olcMemberOf
entryUUID: a410ce98-3fdf-102e-82cf-59ccb6b4d60d
creatorsName: cn=config
createTimestamp: 20090927183056Z
olcMemberOfRefInt: TRUE
entryCSN: 20091009174548.503911Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20091009174548Z

root@dev-ldap1:/etc/ldap/slapd.d/cn=config#

And I try to add a user as a member of a group
Code:

root@dev-ldap1:~# cat vpn.group.ldif
dn: cn=vpn,ou=Group,dc=abc,dc=com
objectClass: posixGroup
objectClass: top
cn: vpn
gidNumber: 5555
member: uid=haihq,ou=People,dc=abc,dc=com

root@dev-ldap1:~#

but I get an error

Code:

root@dev-ldap1:~# slapadd -c -v -l vpn.group.ldif
Entry (cn=vpn,ou=Group,dc=abc,dc=com), attribute 'member' not allowed
slapadd: dn="cn=vpn,ou=Group,dc=abc,dc=com" (line=1): (65) attribute 'member' not allowed
_#################### 100.00% eta  none elapsed            none fast!       
Closing DB...
root@dev-ldap1:~#

Please tell me what's wrong.
Thank you so much.

acid_kewpie 02-03-2012 04:14 PM

member isn't a valid attribute of posixGroup. Try memberUid http://ldap.akbkhome.com/index.php/o...html#memberUid

xuta 02-03-2012 09:10 PM

Quote:

Originally Posted by acid_kewpie (Post 4593179)
member isn't a valid attribute of posixGroup. Try memberUid http://ldap.akbkhome.com/index.php/o...html#memberUid

Thank you, acid_kewpie.

I tried to use the attribute member with objectclass groupOfNames; adding is OK.
Code:

root@dev-ldap1:~# cat ou2.ldif
dn: ou=Group2,dc=abc,dc=com
objectclass: organizationalUnit
ou: Group2

dn: ou=People2,dc=abc,dc=com
objectclass: organizationalUnit
ou: People2

dn: uid=test1,ou=People2,dc=abc,dc=com
objectclass: account
uid: test1

dn: cn=testgroup,ou=Group2,dc=abc,dc=com
objectclass: groupOfNames
cn: testgroup
member: uid=test1,ou=People2,dc=abc,dc=com

root@dev-ldap1:~#

Show testgroup
Code:

root@dev-ldap1:~# ldapsearch -x cn=testgroup
# extended LDIF
#
# LDAPv3
# base <dc=abc,dc=com> (default) with scope subtree
# filter: cn=testgroup
# requesting: ALL
#

# testgroup, Group2, abc.com
dn: cn=testgroup,ou=Group2,dc=abc,dc=com
objectClass: groupOfNames
cn: testgroup
member: uid=test1,ou=People2,dc=abc,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@dev-ldap1:~#

But I cannot search with memberOf
Code:

root@dev-ldap1:~# ldapsearch -x uid=test1 memberOf
# extended LDIF
#
# LDAPv3
# base <dc=abc,dc=com> (default) with scope subtree
# filter: uid=test1
# requesting: memberOf
#

# test1, People2, abc.com
dn: uid=test1,ou=People2,dc=abc,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@dev-ldap1:~#

What is wrong?

acid_kewpie 02-04-2012 04:42 AM

your ldifs and searches appear to have nothing to do with one another. What are you trying to achieve?? There is no mention of memberOf at all, outside of you saying it doesn't work. Why do you think it should work in the first place? Note though that your search there DOES work just fine, there is simply no data returned as there is apparently nothing using memberOf in the first place.

xuta 02-04-2012 08:11 AM

Quote:

Originally Posted by acid_kewpie (Post 4593477)
your ldifs and searches appear to have nothing to do with one another. What are you trying to achieve?? There is no mention of memberOf at all, outside of you saying it doesn't work. Why do you think it should work in the first place? Note though that your search there DOES work just fine, there is simply no data returned as there is apparently nothing using memberOf in the first place.

I didn't explain my purpose clearly enough.
I want to search for a user specifically to find which groups that user belongs to.
I tried to do it like http://www.openldap.org/doc/admin24/...%20Maintenance and http://serverfault.com/questions/732...penldap-server

and want to see memberOf in the search result, if test1 is a member of group testgroup, like this
Code:

# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
...
 dn: uid=test1,ou=People,dc=example,dc=com
 memberOf: cn=testgroup,ou=Group,dc=example,dc=com

But in my case, I don't see it.

acid_kewpie 02-04-2012 10:49 AM

yea, but there clearly IS no "memberOf" attribute to show. Are you expecting it to magically appear by virtue of the corresponding "member" attribute existing in the group? LDAP in itself doesn't do that, it doesn't put a context on these attributes, they are just strings of data, and don't mean anything until you use them accordingly.

xuta 02-04-2012 11:23 AM

Quote:

Originally Posted by acid_kewpie (Post 4593711)
yea, but there clearly IS no "memberOf" attribute to show. Are you expecting it to magically appear by virtue of the corresponding "member" attribute existing in the group? LDAP in itself doesn't do that, it doesn't put a context on these attributes, they are just strings of data, and don't mean anything until you use them accordingly.

I understand what you mean:
I have to give the memberof data directly to the users, like in this .ldif file.
Code:

root@dev-ldap1:~# cat ou2.ldif
dn: dc=abc,dc=com
objectclass: domain
dc: abc

dn: ou=Group2,dc=abc,dc=com
objectclass: organizationalUnit
ou: Group2

dn: ou=People2,dc=abc,dc=com
objectclass: organizationalUnit
ou: People2

dn: uid=test1,ou=People2,dc=abc,dc=com
objectclass: account
memberof: cn=testgroup,ou=Group2,dc=abc,dc=com
memberof: cn=vpn,ou=Group2,dc=abc,dc=com
uid: test1

dn: cn=testgroup,ou=Group2,dc=abc,dc=com
objectclass: groupOfNames
cn: testgroup
member: uid=test1,ou=People2,dc=abc,dc=com

dn: cn=vpn,ou=Group2,dc=abc,dc=com
objectClass: groupOfNames
cn: vpn
member: uid=test1,ou=People2,dc=abc,dc=com

root@dev-ldap1:~#

After that it works,
Code:

root@dev-ldap1:~# ldapsearch -x uid=test1 memberOf
# extended LDIF
#
# LDAPv3
# base <dc=abc,dc=com> (default) with scope subtree
# filter: uid=test1
# requesting: memberOf
#

# test1, People2, abc.com
dn: uid=test1,ou=People2,dc=abc,dc=com
memberOf: cn=testgroup,ou=Group2,dc=abc,dc=com
memberOf: cn=vpn,ou=Group2,dc=abc,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@dev-ldap1:~#

Very cool.

Thank you so much, acid_kewpie.

bsduser07 03-12-2012 01:30 PM

about this overlay
 
In my tests, this overlay doesn't work properly!

maybe we need some help from "white ninja with the hair in eye from the north of china " techniques ?

and if we need to put the memberOf attrs manually, what is the purpose of this overlay????



cheers

acid_kewpie 03-12-2012 05:01 PM

please don't hijack other threads.

The use of an overlay / schema extension is to provide the framework of metadata to allow the attributes to exist correctly and in a controlled manner. it doesn't just add them for you, as that doesn't really make any sense. It gives you the ability to add them yourself. LDAP schemas are a LOT more complicated than you probably think they are.

alissonceolin 03-13-2012 07:57 AM

sorry, I need to post this to free my account.


ok acid_kewpie

can you explain this point more?
Because, reading http://www.openldap.org/doc/admin24/overlays.html

"The memberof overlay updates an attribute (by default memberOf) whenever changes occur to the membership attribute (by default member) of entries of the objectclass (by default groupOfNames) configured to trigger updates.

Thus, it provides maintenance of the list of groups an entry is a member of, when usual maintenance of groups is done by modifying the members on the group entry."

this makes me think that the memberof overlay will update these attributes automatically, in accordance with http://linux.die.net/man/5/slapo-memberof

reading this other post http://serverfault.com/questions/732...penldap-server , we can see the same example, and the author does not previously add the memberof attribute to the user object.

Sorry if I am insistent about this, but I wish to use this resource.

bsduser07 03-13-2012 08:38 AM

reply
 
Quote:

Originally Posted by acid_kewpie (Post 4625155)
please don't hijack other threads.

The use of an overlay / schema extension is to provide the framework of metadata to allow the attributes to exist correctly and in a controlled manner. it doesn't just add them for you, as that doesn't really make any sense. It gives you the ability to add them yourself. LDAP schemas are a LOT more complicated than you probably think they are.

Dear moderator, I expect other contributions about this issue from other people who are facing the same problem.
Your reply to my post doesn't help at all. Could you please, if you don't know about this issue, leave the thread for other real contributions.

salute

acid_kewpie 03-13-2012 09:02 AM

Quote:

Originally Posted by bsduser07 (Post 4625690)
Dear moderator, I expect other contributions about this issue from other people who are facing the same problem.
Your reply to my post doesn't help at all. Could you please, if you don't know about this issue, leave the thread for other real contributions.

salute

I did answer your question as I understood it. But it looks like you would benefit from learning how to use forums more effectively.

alissonceolin 03-13-2012 09:58 AM

If I need to manage the memberof attribute on the user manually, why would I use memberOf?

I removed the overlay, inserted it manually, and this works.

Code:

userX@pc42818:~/LDAP$ ldapsearch -LL -x -b dc=example,dc=com "(uid=test1)" memberOf
version: 1

dn: uid=test1,ou=People,dc=example,dc=com
memberOf: cn=testgroup,ou=Group,dc=example,dc=com

But this makes no sense; if it is true, what is the real advantage of using the memberOf overlay?
if somebody know, please tell me.

acid_kewpie 03-13-2012 10:59 AM

the real advantage is the bidirectional availability of data. It's taking these variables, the member attribute in a group, and the memberOf attribute on a user object. These fields are just arbitrary items of data by default, they don't *mean* anything at all. The overlay makes them become associated with one another, and updates the peer object's attribute automatically, meaning you have different ways to manipulate the data.
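As an added illustration of that bidirectional link (not code from the thread or from OpenLDAP), this Python script parses a small constructed LDIF modelled on the entries above, computes the memberOf values slapo-memberof would derive from groupOfNames/member, flags the posixGroup-with-member entry behind the first post's error 65, and lists any user whose stored memberOf is out of step. The parser is deliberately minimal (no base64 values or folded lines) and all DNs in the sample are constructed.

```python
from collections import defaultdict
# Constructed sample modelled on the thread's entries (not a real export).
SAMPLE_LDIF = """\
dn: uid=test1,ou=People2,dc=abc,dc=com
objectclass: account
uid: test1

dn: cn=testgroup,ou=Group2,dc=abc,dc=com
objectclass: groupOfNames
cn: testgroup
member: uid=test1,ou=People2,dc=abc,dc=com

dn: cn=vpn,ou=Group,dc=abc,dc=com
objectClass: posixGroup
cn: vpn
member: uid=haihq,ou=People,dc=abc,dc=com
"""
classes = lambda a: {c.lower() for c in a.get("objectclass", [])}  # objectClass values, lowercased

def parse_ldif(text):
    """Minimal LDIF parser -> {dn_lower: {attr_lower: [values]}} (no base64, no line folding)."""
    entries, attrs = {}, {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if attrs:
                entries[attrs["dn"][0].lower()] = attrs
            attrs = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def schema_violations(entries):
    """The thread's error 65: 'member' on a posixGroup, which only allows memberUid."""
    return sorted(dn for dn, a in entries.items() if "member" in a
                  and "posixgroup" in classes(a) and "groupofnames" not in classes(a))

def expected_memberof(entries):
    """What slapo-memberof maintains: the reverse index of groupOfNames/member."""
    reverse = defaultdict(set)
    for dn, a in entries.items():
        if "groupofnames" in classes(a):
            for m in a.get("member", []):
                reverse[m.lower()].add(dn)
    return reverse

def missing_memberof(entries):
    """Users whose stored memberOf lags their groups, e.g. after a slapadd load."""
    stored = lambda u: {v.lower() for v in entries.get(u, {}).get("memberof", [])}
    return {u: sorted(g - stored(u)) for u, g in expected_memberof(entries).items() if g - stored(u)}
```

One caveat the thread never states explicitly: the overlay only acts on LDAP write operations (ldapadd, ldapmodify), so entries loaded offline with slapadd, as in the first post, bypass it and get no memberOf until they are modified through the protocol.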

