Full_Name: Quanah Gibson-Mount
Version: 2.4.45
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)

Per the slapo-memberof man page, you can define a different attribute than "memberOf" to hold the group membership information for an entry.
However, this fails due to the fact that when a different attribute is used, slapd applies objectClass rule requirements to the entry. slapd does *not* do this when the default value of "memberOf" is used.
Example config:
overlay memberof
memberof-group-oc groupofuniquenames
memberof-member-ad uniquemember
memberof-memberof-ad ismemberof
Example schema:
attributetype ( 2.15.930.3.234225.3.1 NAME 'isMemberOf' DESC 'Sun defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Sun Directory Server' )
Create a group:
dn: cn=mygroup,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: mygroup
uniqueMember: cn=La Valko,ou=Peons,dc=example,dc=com
Group creates OK, but:
slapd[5149]: Entry (cn=La Valko,ou=Peons,dc=example,dc=com), attribute 'isMemberOf' not allowed
slapd[5149]: entry failed schema check: attribute 'isMemberOf' not allowed
slapd[5149]: conn=1000 op=19: memberof_value_modify DN="cn=la valko,ou=peons,dc=example,dc=com" add isMemberOf="cn=mygroup,dc=example,dc=com" failed err=65
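
Because the group add itself succeeds, the slapd log is the only place the missing back-reference shows up. The following is an added example, not part of the original report or of OpenLDAP: a small log scanner that picks out memberof_value_modify failures in the format quoted above and lists which members lack the membership attribute for which group. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# LDAP result code seen in the report (RFC 4511): 65 = objectClassViolation.
RESULT_NAMES = {65: "objectClassViolation"}

# Matches the overlay failure line quoted in the report. Only the "add"
# action appears on the page; the action is matched generically.
FAIL_RE = re.compile(
    r'slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) op=(?P<op>\d+): '
    r'memberof_value_modify DN="(?P<dn>[^"]*)" '
    r'(?P<action>\w+) (?P<attr>[\w;.-]+)="(?P<value>[^"]*)" '
    r'failed err=(?P<err>\d+)'
)

def find_memberof_failures(lines):
    """Return one dict per failed memberof back-reference update."""
    failures = []
    for line in lines:
        m = FAIL_RE.search(line)  # search() tolerates a syslog prefix
        if not m:
            continue
        rec = m.groupdict()
        rec["err"] = int(rec["err"])
        rec["result"] = RESULT_NAMES.get(rec["err"], "err=%d" % rec["err"])
        failures.append(rec)
    return failures

def missing_backrefs(failures):
    """Map each group DN to the member DNs whose attribute was not written."""
    by_group = defaultdict(list)
    for rec in failures:
        if rec["action"] == "add":
            by_group[rec["value"]].append(rec["dn"])
    return dict(by_group)

# First three lines are from the report; the last is constructed noise.
SAMPLE_LOG = [
    "slapd[5149]: Entry (cn=La Valko,ou=Peons,dc=example,dc=com), attribute 'isMemberOf' not allowed",
    "slapd[5149]: entry failed schema check: attribute 'isMemberOf' not allowed",
    'slapd[5149]: conn=1000 op=19: memberof_value_modify DN="cn=la valko,ou=peons,dc=example,dc=com" '
    'add isMemberOf="cn=mygroup,dc=example,dc=com" failed err=65',
    "slapd[5149]: conn=1000 op=19 RESULT tag=105 err=0 text=",
]

if __name__ == "__main__":
    for group, members in missing_backrefs(find_memberof_failures(SAMPLE_LOG)).items():
        print(group, "->", members)
```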