one can see how the issue hit us. We have a SUSE 11.2 machine where
the standard OpenLDAP configuration is slapd.conf based.
On another Ubuntu 10.04 machine it's cn=config based.
The memberOf function simply didn't work, there were no proper error
messages, and googling the issue was a pain in the ****.
When we finally found out that we need an overlay, no RPM was available.
So we went and tried everything on the Ubuntu machine.

Whatever mechanism your distro uses to package the overlays is not under our
control. Whining about it here doesn't help anyone. If your distro didn't
adequately document where to find the overlays, file a doc bug report with them.

But then there was this change of how everything is configured.
Basically we could start googling all over again. Many hours and
problems later we got the memberOf function working. What we know now is
that OpenLDAP has joined the list of projects that have abandoned
simple configuration for a more complicated one. We've seen this with
grub2, gnome and other projects. In all cases, in our opinion, this is not
helping the majority of people using these projects. Many years of
documentation on the internet is invalidated and, worse, there are now two
ways to do things that are incompatible, and if you try to go back (as we
did on Ubuntu, trying to get a slapd.conf based version running) it does
not get any easier.

Whining about the config mechanism is pointless. The slapd.conf mechanism
still works exactly the same as before. The cn=config mechanism is the way
forward because our large customers demanded a way to modify the config
without requiring a server restart. If you can live with restarting every time
you make a config change, you can keep using OpenLDAP 2.4 the same as you

Please use the contact form on BITPlan's webpage if you'd like to get
our configuration script for memberOf - we won't publish it at this time
since it contains user data.

I personally don't have time to go chasing hither and yon for relevant bug
report data. If you can't provide a sanitized copy of the relevant details,
then you're just wasting everyone's time.

-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/