On Wed, 2007-11-28 at 09:13 +1100, Andrew Bartlett wrote:
On Tue, 2007-11-27 at 07:23 -0800, Howard Chu wrote:
Christian Marg wrote:
Hello,
Andrew Bartlett wrote: [...]
Linked attributes include member/memberOf, master/masteredBy and many others. They are defined in the AD schema, and as far as I know, are strictly updated as a pair (they are not flattened memberOf listings, for example).
[...]
Isn't that what slapo-refint(5) does? Maybe it needs some fine adjustment, but from the manpage it sounds promising...
The slapo-memberOf overlay is probably more useful here, as Ando already pointed out. But yes, we can take care of linked attributes, no problem.
Looking at the configuration, it seems this can only currently be configured once, i.e., for memberOf. Am I missing how to configure it to also handle an arbitrary number of other attributes? Ideally I would process the AD schema into a configuration file with these details.
To start with this module I've decided to just deal with memberOf. However, I can't get the module to start, because while it allows configuration of different schema in theory, it relies on the default schema to exist in practice:
[abartlet@naomi source]$ /usr/local/sbin/slaptest -f /home/data/samba/samba4/clean/source/st/dc/private/ldap/slapd.conf
back-bdb/back-hdb monitor: "olmBDBAttributes" previously defined "1.3.6.1.4.1.4203.666.1.55.0.1.1"
back-bdb/back-hdb monitor: "olmBDBObjectClasses" previously defined "1.3.6.1.4.1.4203.666.3.16.0.1.1"
memberof_db_init: unable to find objectClass="groupOfNames"
slaptest: bad configuration file!
The problem is that groupOfNames doesn't exist in the AD-like schema I'm loading. This is with current CVS OpenLDAP.
Andrew Bartlett