On 20.12.23 at 14:34, Christoph Pleger wrote:

Hello,

no memberOf Attribute yet:

    root@ldap:~/LDAP# ldapsearch -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -b "dc=cs,dc=tu-dortmund,dc=de" uid=pleger +
    # extended LDIF
    #
    # LDAPv3
    # base <dc=cs,dc=tu-dortmund,dc=de> with scope subtree
    # filter: uid=pleger
    # requesting: +
    #

    # Christoph Pleger, people, cs.tu-dortmund.de
    dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
    structuralObjectClass: inetOrgPerson
    entryUUID: c591d5be-3361-103e-8e4a-cfa0242b2e12
    creatorsName: cn=admin,dc=cs,dc=tu-dortmund,dc=de
    createTimestamp: 20231220085905Z
    entryCSN: 20231220085905.057389Z#000000#000#000000
    modifiersName: cn=admin,dc=cs,dc=tu-dortmund,dc=de
    modifyTimestamp: 20231220085905Z
    entryDN: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
    subschemaSubentry: cn=Subschema
    hasSubordinates: FALSE

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

Do I have to load additional modules like refint, dyngroup or memberof?

NO, you don't need any of these modules

Regards
Christoph

Stefan Kania wrote:

memberOf is an internal Attribute you must put a "+" at the end of your ldapsearch command

On 20.12.23 at 10:16, Christoph Pleger wrote:

Hello,

    -------------
    dn: olcOverlay={1}dynlist,olcDatabase={1}mdb,cn=config
    changetype: modify
    add: olcDlAttrSet
    olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
    -------------

For me, it is {0} dynlist, so I created dynlist2.ldif:

    dn: olcOverlay={0}dynlist,olcDatabase={1}mdb,cn=config
    changetype: modify
    add: olcDlAttrSet
    olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames

Modified the AttrSet:

    ldapmodify -Y EXTERNAL -H ldapi:/// -f dynlist2.ldif

This worked well. Then, created it.ldif:

    dn: cn=IT,ou=groups,dc=cs,dc=tu-dortmund,dc=de
    objectClass: groupOfURLs
    cn: IT
    memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)

And added that:

    /usr/bin/ldapadd -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -f it.ldif

Then added me as an IT user:

    dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
    objectClass: posixAccount
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    loginShell: /bin/bash
    homeDirectory: /home/pleger
    uid: pleger
    cn: Christoph Pleger
    userPassword: MyPassword
    gecos: Christoph Pleger,,,
    uidNumber: 10000
    gidNumber: 10000
    sn: Pleger
    givenName: Christoph
    employeeType: IT

So far, so good. But then:

    root@ldap:~/LDAP# ldapsearch -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -b "dc=cs,dc=tu-dortmund,dc=de" uid=pleger memberOf
    # extended LDIF
    #
    # LDAPv3
    # base <dc=cs,dc=tu-dortmund,dc=de> with scope subtree
    # filter: uid=pleger00
    # requesting: memberOf
    #

    # Christoph Pleger, people, cs.tu-dortmund.de
    dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

So, no sign that I am member of group IT.

Regards
Christoph

On 18.12.23 at 13:50, Christoph Pleger wrote:

Hello,

I am using OpenLDAP 2.5.13 from Debian and want to use the dynamic list overlay for replacing the memberOf overlay, but I cannot get it to work.

As I read in several places, I first imported dyngroup.ldif, then created an ldif to load the dynlist module and the dynlist schema, like this:

    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: dynlist

    dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcDynamicList
    olcOverlay: {1}dynlist
    olcDlAttrSet: groupOfURLs memberURL member

Then, I created a group with this ldif:

    dn: cn=Group1,ou=groups,dc=cs,dc=tu-dortmund,dc=de
    objectClass: groupOfURLs
    cn: Group1
    memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)

But though some of the users have employeeType=IT, I cannot get a user attribute memberOf or alike that says that, for example, ITuser1 is a member of Group1.

So, I tried another approach with dynlist that I read elsewhere:

    dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcDynamicList
    olcOverlay: {1}dynlist
    olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames

But with this, I got an error message that memberOf@groupOfNames is unknown.

So, I have some questions:

1. Does dynlist work this way only in OpenLDAP 2.6?
2. If no, do I have to import additional overlay ldifs?
3. Do I have to load additional modules other than dynlist?
4. Do I have to set other overlay attributes for the dynlist overlay?

Regards
Christoph
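
What the groupOfURLs entry in this thread asks the directory to compute, as an added Python illustration (not code from the thread and not OpenLDAP's implementation): it parses the memberURL, applies its base, scope and filter to in-memory entries, and derives the reverse memberOf view. The second user, the helper names and the simplified DN and filter handling are assumptions.

```python
from urllib.parse import unquote

def parse_member_url(url):
    """Split a host-less RFC 4516 LDAP URL into (base, attrs, scope, filter)."""
    if not url.startswith("ldap:///"):
        raise ValueError("expected a host-less ldap:/// URL")
    base, *rest = url[len("ldap:///"):].split("?")
    attrs, scope, flt = (rest + ["", "", ""])[:3]
    return (unquote(base), [a for a in attrs.split(",") if a],
            scope or "base", unquote(flt) or "(objectClass=*)")

def in_scope(dn, base, scope):
    """Simplified DN comparison: case-insensitive, assumes no escaped commas."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in ("base", "sub")
    if scope == "base" or not dn.endswith("," + base):
        return False
    return scope == "sub" or "," not in dn[:-len(base) - 1]

def matches(attrs, flt):
    """Evaluate one equality or presence filter, e.g. (employeeType=IT)."""
    name, _, value = flt.strip("()").partition("=")
    values = {k.lower(): v for k, v in attrs.items()}.get(name.lower(), [])
    return bool(values) if value == "*" else value.lower() in [v.lower() for v in values]

def members(group, entries):
    """DNs selected by the memberURL values of one groupOfURLs entry."""
    found = []
    for url in group[1]["memberURL"]:
        base, _attrs, scope, flt = parse_member_url(url)
        found += [dn for dn, attrs in entries
                  if in_scope(dn, base, scope) and matches(attrs, flt)]
    return found

def member_of(entries, groups):
    """Reverse view: each entry DN mapped to the groups whose URL selects it."""
    return {dn: [g[0] for g in groups if dn in members(g, entries)]
            for dn, _ in entries}

BASE = "dc=cs,dc=tu-dortmund,dc=de"
# Group and first user follow the LDIF in the thread; the second user is constructed.
GROUP = ("cn=IT,ou=groups," + BASE,
         {"memberURL": ["ldap:///" + BASE + "??sub?(employeeType=IT)"]})
PEOPLE = [("cn=Christoph Pleger,ou=people," + BASE, {"employeeType": ["IT"]}),
          ("cn=Example User,ou=people," + BASE, {"employeeType": ["Staff"]})]

if __name__ == "__main__":
    print(members(GROUP, PEOPLE), member_of(PEOPLE, [GROUP]))
```

Because membership is derived from the filter at search time, any account that can write employeeType on an entry under the URL's base can place that entry in the group, so write access to that attribute deserves the same ACL care as write access to the group itself.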
