I was looking through list archives and a few weeks ago, someone posted some configurations for the memberOf overlay. I modified the configurations slightly and it looks like everything is installed (with no errors) and working, but when run an ldapsearch, it does not return the memberOf. Below is the install and configuration method. Any guidance on what to change or error logs to look at?
Thx Bill
##MY RESULTS## server-1# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 version: 1
dn: uid=test1,ou=People,dc=example,dc=com
##INSTALL AND CONFIG##
sudo apt-get -y install slapd ldap-utils
cd /etc/ldap
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo vi db.ldif
# Load dynamic backend modules dn: cn=module{0},cn=config objectClass: olcModuleList cn: module {0} olcModulepath: /usr/lib/ldap olcModuleload: {0}back_hdb olcModuleload: {1}memberof.la
# Create the database dn: olcDatabase={1}hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=example,dc=com olcRootDN: cn=admin,dc=example,dc=com olcRootPW: password olcDbConfig: {0}set_cachesize 0 2097152 0 olcDbConfig: {1}set_lk_max_objects 1500 olcDbConfig: {2}set_lk_max_locks 1500 olcDbConfig: {3}set_lk_max_lockers 1500 olcLastMod: TRUE olcDbCheckpoint: 512 30 olcDbIndex: uid pres,eq olcDbIndex: cn,sn,mail pres,eq,approx,sub olcDbIndex: objectClass eq
dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config objectClass: olcMemberOf objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {1}memberof structuralObjectClass: olcMemberOf
:wq!
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif
sudo slappasswd -h {MD5}
##note: 1234 = {MD5}gdyb21LQTcIANtvYMT7QVQ==
sudo vi base.ldif
dn: dc=example,dc=com objectClass: dcObject objectclass: organization o: example.com dc: example description: My LDAP Root
dn: cn=admin,dc=example,dc=com objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin userPassword: {MD5}gdyb21LQTcIANtvYMT7QVQ== description: LDAP administrator
:wq!
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f base.ldif
sudo vi config.ldif
dn: cn=config changetype: modify delete: olcAuthzRegexp
dn: olcDatabase={-1}frontend,cn=config changetype: modify delete: olcAccess
dn: olcDatabase={0}config,cn=config changetype: modify delete: olcRootDN
dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootDN olcRootDN: cn=admin,cn=config
dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootPW olcRootPW: {MD5}gdyb21LQTcIANtvYMT7QVQ==
dn: olcDatabase={0}config,cn=config changetype: modify delete: olcAccess
:wq!
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif
sudo vi acl.ldif
dn: olcDatabase={1}hdb,cn=config add: olcAccess olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none olcAccess: to dn.base="" by * read olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read :wq!
sudo ldapmodify -x -D cn=admin,cn=config -W -f acl.ldif
#Add one group, add two users, place one user in group
ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
_________________________________________________________________ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. http://clk.atdmt.com/GBL/go/201469229/direct/01/