Hello openldap users!

slapd.conf:

overlay dynlist
dynlist-attrset groupOfUrls labeledURI member

ldif:

dn: cn=testgroup,ou=servers,dc=domain,dc=local
objectclass: groupOfNames
cn: testgroup
member: cn=test,ou=users,dc=domain,dc=local

dn: cn=maingroup,ou=servers,dc=domain,dc=local
objectclass: groupOfNames
cn: maingroup
member: cn=testgroup,ou=servers,dc=domain,dc=local

dn: cn=testgroup,ou=servers,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs
cn: testgroup
labeledURI: ldap:///ou=users,dc=domain,dc=local??one?(objectClass=inetOrgPerson)

dn: cn=maingroup,ou=serversGroups,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs
cn: maingroup
labeledURI: ldap:///ou=servers,dc=domain,dc=local?member?one?(objectClass=groupOfUrls)

With this configuration, when ldapsearching for the contents of
"cn=testgroup,ou=servers,dc=domain,dc=local" I got "member:
cn=testgroup,ou=servers,dc=domain,dc=local". Cool! It's working. Then
I want to have a dynlist that contains the members of a group of dyngroups.
And here I am stuck.

In slapd.conf I can say that some objectClass can be dyngroup or
dynlist, but not both together. That's right.
Then I thought that I could extend dyngroup.schema and add groupOfUrls2,
then add "dynlist-attrset groupOfUrls2 labeledURI" to slapd.conf and
groupOfUrls2 will behave like dynlist, and groupOfUrls will still be
dyngroup. That would be very good for me!

I looked in dyngroup.schema and copied the groupOfUrls definition to groupOfUrls2.

objectClass ( NetscapeLDAPobjectClass:33
NAME 'groupOfURLs2'
SUP top STRUCTURAL
MUST cn
MAY ( memberURL $ businessCategory $ description $ o $ ou $
owner $ seeAlso ) )

But there was an error:

/usr/local/etc/openldap/schema/dyngroup.schema: line 89 objectClass:
Inconsistent duplicate objectClass: "2.16.840.1.113730.3.2.33"
/usr/local/etc/openldap/slapd.conf: line 11: <include> handler exited with 1!
slapd destroy: freeing system resources.
slapd stopped.

So... I changed 33 to 34 in the schema. The error was gone, slapd started.
I added to ldap:

dn: cn=maingroup2,ou=serversGroups,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs2
cn: maingroup
labeledURI: ldap:///ou=servers,dc=domain,dc=local?member?one?(objectClass=groupOfUrls)

and my slapd.conf is now looking like this:

overlay dynlist
dynlist-attrset groupOfUrls labeledURI member
dynlist-attrset groupOfUrls2 labeledURI

So groupOfUrls must be dyngroup, and groupOfUrls2 must be dynlist.
And now when I ldapsearch for the member attr in maingroup2 I wanted to
get all members of groups that are under
ou=servers,dc=domain,dc=local, but I got no members...

The logic was: testgroup (and other groupOfURLs) work as dyngroup and
generate the member attr in it depending on the specified labeledURI.
Then maingroup2 (and others) will ldapsearch in ou=servers and make the
member: attr depending on the member attr of groups in ou=servers (and
some filters that I will use later).

But maingroup2 is not working... It does not generate the member: attr in it.
I think I was wrong changing 33 to 34, because there is something more I
need to do, but I do not know what I should do. Can anyone suggest what to
do?
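
To see what each labeledURI in the message above asks the server for, the URL can be split into its RFC 4516 parts and replayed by hand as an ordinary ldapsearch. This is an added example, not part of the original message and not OpenLDAP code; the function names are hypothetical, and bind options are left out because the message does not say how the searches are authenticated.

```python
import shlex
from urllib.parse import unquote

# The two labeledURI values quoted in the message.
TESTGROUP_URI = "ldap:///ou=users,dc=domain,dc=local??one?(objectClass=inetOrgPerson)"
MAINGROUP_URI = "ldap:///ou=servers,dc=domain,dc=local?member?one?(objectClass=groupOfUrls)"


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL: scheme://host/dn?attrs?scope?filter?extensions."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    # Split on '?' before percent-decoding: a literal '?' inside a
    # filter has to be written as %3F, so raw '?' only separates fields.
    parts = tail.split("?")
    if len(parts) > 5:
        raise ValueError("too many '?' fields in %r" % url)
    dn, attrs, scope, flt, _ext = parts + [""] * (5 - len(parts))
    scope = scope.lower() or "base"            # RFC 4516 default scope
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope %r" % scope)
    return {
        "scheme": scheme.lower(),
        "host": unquote(hostport),
        "base": unquote(dn),
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(flt) or "(objectClass=*)",  # RFC 4516 default filter
    }


def ldapsearch_args(url):
    """Build the ldapsearch argument list that repeats the URL's search."""
    p = parse_ldap_url(url)
    args = ["ldapsearch"]                      # add bind options as needed
    if p["host"]:
        args += ["-H", "%s://%s" % (p["scheme"], p["host"])]
    args += ["-b", p["base"], "-s", p["scope"], p["filter"]]
    return args + p["attrs"]                   # no attrs: server default set


if __name__ == "__main__":
    for uri in (TESTGROUP_URI, MAINGROUP_URI):
        print(shlex.join(ldapsearch_args(uri)))
```

Running the printed commands against the directory shows which entries and which attributes a plain search with the same base, scope and filter returns, which can then be compared with what the group entry shows.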