Hello,
> -------------
> dn: olcOverlay={1}dynlist,olcDatabase={1}mdb,cn=config
> changetype: modify
> add: olcDlAttrSet
> olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
> -------------
For me, it is {0} dynlist, so I created dynlist2.ldif:
dn: olcOverlay={0}dynlist,olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDlAttrSet
olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
Modified the AttrSet:
ldapmodify -Y EXTERNAL -H ldapi:/// -f dynlist2.ldif
This worked well.
Then, created it.ldif:
dn: cn=IT,ou=groups,dc=cs,dc=tu-dortmund,dc=de
objectClass: groupOfURLs
cn: IT
memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)
And added that:
/usr/bin/ldapadd -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -f it.ldif
Then added me as an IT user:
dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
homeDirectory: /home/pleger
uid: pleger
cn: Christoph Pleger
userPassword: MyPassword
gecos: Christoph Pleger,,,
uidNumber: 10000
gidNumber: 10000
sn: Pleger
givenName: Christoph
employeeType: IT
So far, so good. But then:
root@ldap:~/LDAP# ldapsearch -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -b "dc=cs,dc=tu-dortmund,dc=de" uid=pleger memberOf
# extended LDIF
#
# LDAPv3
# base <dc=cs,dc=tu-dortmund,dc=de> with scope subtree
# filter: uid=pleger00
# requesting: memberOf
#
# Christoph Pleger, people, cs.tu-dortmund.de
dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
So, no sign that I am a member of group IT.
Regards
Christoph
> On 18.12.23 at 13:50, Christoph Pleger wrote:
> > Hello,
> >
> > I am using OpenLDAP 2.5.13 from Debian and want to use the dynamic list
> > overlay for replacing the memberOf overlay, but I cannot get it to work.
> >
> > As I read in several places, I first imported dyngroup.ldif, then created
> > an ldif to load the dynlist module and the dynlist schema, like this:
> >
> > dn: cn=module{0},cn=config
> > changetype: modify
> > add: olcModuleLoad
> > olcModuleLoad: dynlist
> >
> > dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
> > changetype: add
> > objectClass: olcOverlayConfig
> > objectClass: olcDynamicList
> > olcOverlay: {1}dynlist
> > olcDlAttrSet: groupOfURLs memberURL member
> >
> > Then, I created a group with this ldif:
> >
> > dn: cn=Group1,ou=groups,dc=cs,dc=tu-dortmund,dc=de
> > objectClass: groupOfURLs
> > cn: Group1
> > memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)
> >
> > But though some of the users have employeeType=IT, I cannot get a user
> > attribute memberOf or alike that says that, for example, ITuser1 is a member
> > of Group1.
> >
> > So, I tried another approach with dynlist that I read elsewhere:
> >
> > dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
> > changetype: add
> > objectClass: olcOverlayConfig
> > objectClass: olcDynamicList
> > olcOverlay: {1}dynlist
> > olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
> >
> > But with this, I got an error message that memberOf@groupOfNames is unknown.
> >
> > So, I have some questions:
> >
> > 1. Does dynlist work this way only in OpenLDAP 2.6?
> >
> > 2. If no, do I have to import additional overlay ldifs?
> >
> > 3. Do I have to load additional modules other than dynlist?
> >
> > 4. Do I have to set other overlay attributes for the dynlist overlay?
> >
> > Regards
> > Christoph
