Hello,

the result of the search is:

# IT, groups, cs.tu-dortmund.de
dn: cn=IT,ou=groups,dc=cs,dc=tu-dortmund,dc=de
objectClass: groupOfURLs
cn: IT
memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)
member: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de

Regards
Christoph

Stefan Kania wrote:
> Do you see your "dn" in the attribute "member" in your group "IT"? Or
> just the username?
>
> On 20.12.23 at 14:34, Christoph Pleger wrote:
> > Hello,
> >
> > no memberOf Attribute yet:
> >
> > root@ldap:~/LDAP# ldapsearch -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -b "dc=cs,dc=tu-dortmund,dc=de" uid=pleger +
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=cs,dc=tu-dortmund,dc=de> with scope subtree
> > # filter: uid=pleger
> > # requesting: +
> > #
> >
> > # Christoph Pleger, people, cs.tu-dortmund.de
> > dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
> > structuralObjectClass: inetOrgPerson
> > entryUUID: c591d5be-3361-103e-8e4a-cfa0242b2e12
> > creatorsName: cn=admin,dc=cs,dc=tu-dortmund,dc=de
> > createTimestamp: 20231220085905Z
> > entryCSN: 20231220085905.057389Z#000000#000#000000
> > modifiersName: cn=admin,dc=cs,dc=tu-dortmund,dc=de
> > modifyTimestamp: 20231220085905Z
> > entryDN: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
> > subschemaSubentry: cn=Subschema
> > hasSubordinates: FALSE
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> >
> > Do I have to load additional modules like refint, dyngroup or memberof?
> NO, you don't need any of these modules
> >
> > Regards
> > Christoph
> >
> > Stefan Kania wrote:
> >
> > > memberOf is an internal Attribute you must put a "+" at the end of your
> > > ldapsearch command
> > >
> > > On 20.12.23 at 10:16, Christoph Pleger wrote:
> > > > Hello,
> > > >
> > > > > -------------
> > > > > dn: olcOverlay={1}dynlist,olcDatabase={1}mdb,cn=config
> > > > > changetype: modify
> > > > > add: olcDlAttrSet
> > > > > olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
> > > > > -------------
> > > >
> > > >
> > > > For me, it is {0} dynlist, so I created dynlist2.ldif:
> > > >
> > > > dn: olcOverlay={0}dynlist,olcDatabase={1}mdb,cn=config
> > > > changetype: modify
> > > > add: olcDlAttrSet
> > > > olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
> > > >
> > > > Modified the AttrSet:
> > > >
> > > > ldapmodify -Y EXTERNAL -H ldapi:/// -f dynlist2.ldif
> > > >
> > > > This worked well.
> > > >
> > > > Then, created it.ldif:
> > > >
> > > > dn: cn=IT,ou=groups,dc=cs,dc=tu-dortmund,dc=de
> > > > objectClass: groupOfURLs
> > > > cn: IT
> > > > memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)
> > > >
> > > > And added that:
> > > >
> > > > /usr/bin/ldapadd -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -f it.ldif
> > > >
> > > > Then added me as an IT user:
> > > >
> > > > dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
> > > > objectClass: posixAccount
> > > > objectClass: inetOrgPerson
> > > > objectClass: organizationalPerson
> > > > objectClass: person
> > > > loginShell: /bin/bash
> > > > homeDirectory: /home/pleger
> > > > uid: pleger
> > > > cn: Christoph Pleger
> > > > userPassword: MyPassword
> > > > gecos: Christoph Pleger,,,
> > > > uidNumber: 10000
> > > > gidNumber: 10000
> > > > sn: Pleger
> > > > givenName: Christoph
> > > > employeeType: IT
> > > >
> > > > So far, so good.
> > > > But then:
> > > >
> > > > root@ldap:~/LDAP# ldapsearch -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -b "dc=cs,dc=tu-dortmund,dc=de" uid=pleger memberOf
> > > >
> > > > # extended LDIF
> > > > #
> > > > # LDAPv3
> > > > # base <dc=cs,dc=tu-dortmund,dc=de> with scope subtree
> > > > # filter: uid=pleger00
> > > > # requesting: memberOf
> > > > #
> > > >
> > > > # Christoph Pleger, people, cs.tu-dortmund.de
> > > > dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
> > > >
> > > > # search result
> > > > search: 2
> > > > result: 0 Success
> > > >
> > > > # numResponses: 2
> > > > # numEntries: 1
> > > >
> > > > So, no sign that I am member of group IT.
> > > >
> > > > Regards
> > > > Christoph
> > > >
> > > > > On 18.12.23 at 13:50, Christoph Pleger wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I am using OpenLDAP 2.5.13 from Debian and want to use the dynamic
> > > > > > list overlay for replacing the memberOf overlay, but I cannot get
> > > > > > it to work.
> > > > > >
> > > > > > As I read in several places, I first imported dyngroup.ldif, then
> > > > > > created an ldif to load the dynlist module and the dynlist schema,
> > > > > > like this:
> > > > > >
> > > > > > dn: cn=module{0},cn=config
> > > > > > changetype: modify
> > > > > > add: olcModuleLoad
> > > > > > olcModuleLoad: dynlist
> > > > > >
> > > > > > dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
> > > > > > changetype: add
> > > > > > objectClass: olcOverlayConfig
> > > > > > objectClass: olcDynamicList
> > > > > > olcOverlay: {1}dynlist
> > > > > > olcDlAttrSet: groupOfURLs memberURL member
> > > > > >
> > > > > > Then, I created a group with this ldif:
> > > > > >
> > > > > > dn: cn=Group1,ou=groups,dc=cs,dc=tu-dortmund,dc=de
> > > > > > objectClass: groupOfURLs
> > > > > > cn: Group1
> > > > > > memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)
> > > > > >
> > > > > > But though some of the users have employeeType=IT, I cannot get a
> > > > > > user attribute memberOf or the like that says that, for example,
> > > > > > ITuser1 is a member of Group1.
> > > > > >
> > > > > > So, I tried another approach with dynlist that I read elsewhere:
> > > > > >
> > > > > > dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
> > > > > > changetype: add
> > > > > > objectClass: olcOverlayConfig
> > > > > > objectClass: olcDynamicList
> > > > > > olcOverlay: {1}dynlist
> > > > > > olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
> > > > > >
> > > > > > But with this, I got an error message that memberOf@groupOfNames is
> > > > > > unknown.
> > > > > >
> > > > > > So, I have some questions:
> > > > > >
> > > > > > 1. Does dynlist work this way only in OpenLDAP 2.6?
> > > > > >
> > > > > > 2. If no, do I have to import additional overlay ldifs?
> > > > > >
> > > > > > 3. Do I have to load additional modules other than dynlist?
> > > > > >
> > > > > > 4. Do I have to set other overlay attributes for the dynlist
> > > > > > overlay?
> > > > > >
> > > > > > Regards
> > > > > > Christoph
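
The thread's memberURL and the member/memberOf relation it is meant to produce, modelled offline as an added example (not code from the thread or from OpenLDAP): it splits the LDAP URL into base, scope and filter and evaluates it against constructed entries, giving the expected membership to compare with what ldapsearch returns. The second user, the function names and the simplified DN and filter handling are assumptions.

```python
from urllib.parse import unquote

def parse_member_url(url):
    """Split a host-less RFC 4516 LDAP URL: ldap:///base?attrs?scope?filter."""
    if not url.startswith("ldap:///"):
        raise ValueError("expected ldap:/// URL")
    parts = url[len("ldap:///"):].split("?") + [""] * 4
    base, attrs, scope, flt = (unquote(p) for p in parts[:4])
    return {"base": base, "attrs": [a for a in attrs.split(",") if a],
            "scope": scope or "base", "filter": flt or "(objectClass=*)"}

def in_scope(dn, base, scope):
    # Simplified DN handling: lowercase string comparison, no escaped commas.
    dn, base = dn.lower(), base.lower()
    if scope == "base":
        return dn == base
    below = dn.endswith("," + base)
    if scope == "one":
        return below and "," not in dn[:-len(base) - 1]
    return dn == base or below  # "sub"

def matches(entry, flt):
    """Evaluate one (attr=value) or (attr=*) item, case-insensitively; reject the rest."""
    body = flt[1:-1] if flt.startswith("(") and flt.endswith(")") else flt
    attr, _, value = body.partition("=")
    bad = set(body) & set("()&|!<>~") or ("*" in value and value != "*")
    if not attr or not value or bad:
        raise ValueError("unsupported filter: " + flt)
    values = {k.lower(): v for k, v in entry.items()}.get(attr.lower(), [])
    return bool(values) if value == "*" else any(v.lower() == value.lower() for v in values)

def expand(groups, entries):
    """Return (member, member_of): group DN -> matching DNs, and the reverse map."""
    member, member_of = {}, {}
    for gdn, url in groups.items():
        u = parse_member_url(url)
        member[gdn] = [dn for dn, e in entries.items()
                       if in_scope(dn, u["base"], u["scope"]) and matches(e, u["filter"])]
        for dn in member[gdn]:
            member_of.setdefault(dn, []).append(gdn)
    return member, member_of

# Constructed sample data; "Other User" is hypothetical.
BASE = "dc=cs,dc=tu-dortmund,dc=de"
GROUPS = {"cn=IT,ou=groups," + BASE: "ldap:///" + BASE + "??sub?(employeeType=IT)"}
ENTRIES = {
    "cn=Christoph Pleger,ou=people," + BASE: {"uid": ["pleger"], "employeeType": ["IT"]},
    "cn=Other User,ou=people," + BASE: {"uid": ["other"], "employeeType": ["Staff"]}}
MEMBER, MEMBER_OF = expand(GROUPS, ENTRIES)
```
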
