--On Monday, November 1, 2021 11:53 AM -0400 Keith LeValley klevalley2@davenport.edu wrote:
Good afternoon,
I am working to migrate my LDAP setup to OpenLDAP; however, I have run into a problem around group membership.
Specifically, my old instance of LDAP used the attribute "groupMembership" and I need to support this moving forward, so if you were to query the attribute "groupMembership" it needs to return the groups the user is part of.
Currently in my test environment I have the memberof overlay working, and I found the option
memberof-memberof-ad

The memberof overlay is deprecated and should not be used. Ensure you are using OpenLDAP 2.5 or later, and use the slapo-dynlist overlay to dynamically populate the attribute for you based on your existing LDAP groups. I would also look at fixing any application using "groupMembership" to use the common memberOf.

--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
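
The replacement described in the reply above, sketched as a slapd.conf fragment. This is an added example, not configuration posted by either participant; it assumes OpenLDAP 2.5 or later, static groups stored as groupOfNames entries with "member" values, and the placeholder suffix dc=example,dc=com.

```conf
# Added example (slapd.conf syntax); not from the thread.
# Assumptions: OpenLDAP 2.5+, static groups are groupOfNames entries that
# list users in "member"; dc=example,dc=com is a placeholder suffix.

# --- Before: deprecated slapo-memberof setup (shown commented out) ------
# moduleload            memberof
# overlay               memberof
# memberof-group-oc     groupOfNames
# memberof-member-ad    member
# memberof-memberof-ad  memberOf

# --- After: slapo-dynlist fills in the reverse membership at search time
moduleload  dynlist

database    mdb
suffix      "dc=example,dc=com"

overlay     dynlist
# dynlist-attrset <group-oc> <URL-ad> <member-ad>+<memberOf-ad>@<static-oc>
#   groupOfURLs / memberURL : dynamic groups defined by an LDAP URL
#                             (both come from the dyngroup schema, which
#                             must be loaded)
#   member                  : attribute that lists a group's members
#   +memberOf               : attribute populated on the member entries
#   @groupOfNames           : also count static groups of this class
dynlist-attrset groupOfURLs memberURL member+memberOf@groupOfNames
```

The name after `+` is the attribute clients will see on user entries; the reply's recommendation is to keep it as memberOf and update applications that still query "groupMembership".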