On Tue, Apr 19 2016 at 15:25:53 +0000, scn_73@yahoo.com scribbled in "memberuid value should be DN or RDN or both woks":
All,
OpenLDAP is complaining about an invalid DN. I doubt it's for group members whose memberuid doesn't have a DN and was added as an RDN. I'd like to know whether memberuid should be a DN, or whether an RDN works too.
The contents of a "memberUid" attribute in a "posixGroup" should only match the "uid" attribute of a directory entry that is of objectClass "posixAccount".
Whether that is also used as the entry's RDN depends on how you've modelled your directory, but it could be. It won't be a fully qualified DN though.
slapd[4892]: conn=1629448 op=2180 do_search: invalid dn (member1)
slapd[4892]: conn=1629448 op=2181 do_search: invalid dn (memver2)
slapd[4892]: conn=1629448 op=2182 do_search: invalid dn (member2)
objectClass: posixGroup
objectClass: top
cn: g1
gidNumber: xxxx
memberUid: member1
memberUid: member2
memberUid: member3
- Sachin
I'm not entirely sure what might have caused the "invalid dn" response, but it might help if you also included example entries for the members in question.
Cheers.
Dameon.
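
The rule stated in the reply above (each memberUid value matches the uid of a posixAccount entry and is not a fully qualified DN) can be checked against an LDIF export. This is an added example, not part of the original thread; the sample LDIF, the dc=example,dc=com suffix and the function names are constructed for illustration.

```python
# Added example: audit posixGroup memberUid values. SAMPLE_LDIF is constructed data.
SAMPLE_LDIF = """\
dn: uid=member1,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: member1

dn: cn=g1,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: g1
memberUid: member1
memberUid: uid=member2,ou=people,dc=example,dc=com
memberUid: member3
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values) into {attr_lowercase: [values]} dicts."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold continuation lines
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_member_uids(entries):
    """Return (group_dn, memberUid, problem) for every value that breaks the rule."""
    classes = lambda e: {c.lower() for c in e.get("objectclass", [])}
    uids = {u for e in entries if "posixaccount" in classes(e) for u in e.get("uid", [])}
    findings = []
    for e in entries:
        if "posixgroup" not in classes(e):
            continue
        for m in e.get("memberuid", []):
            if "=" in m:  # DN or RDN syntax where a bare uid is expected
                findings.append((e["dn"][0], m, "looks like a DN/RDN, expected a bare uid"))
            elif m not in uids:  # dangling reference: no account carries this uid
                findings.append((e["dn"][0], m, "no posixAccount with this uid"))
    return findings

if __name__ == "__main__":
    for dn, value, problem in audit_member_uids(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: memberUid={value!r}: {problem}")
```
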