Good afternoon,

I am working to migrate my LDAP setup to OpenLDAP; however, I have run into a problem around group membership.

Specifically, my old instance of LDAP used the attribute "groupMembership" and I need to support this moving forward, so if you were to query the attribute "groupMembership" it needs to return the groups the user is part of.

Currently in my test environment I have the memberof overlay working, and I found the option memberof-memberof-ad, which should allow me to create a custom attribute named "groupMembership" and point the overlay at that attribute. I am really hoping to avoid this, though, and would much rather have a cleaner solution. Maybe some type of interface that just acts as a pointer to the memberof attribute when they query groupMembership? But I am not familiar enough with OpenLDAP to know whether this is even possible.

So I guess my question is: is the custom attribute going to be the solution here, or is there another tool that I am unaware of?

--
Keith LeValley
Identity Services Architect, Davenport University
phone:  (616) 732-1102