Am 16.03.23 um 16:36 schrieb Ondřej Kuzník:
On Thu, Mar 16, 2023 at 03:22:25PM +0100, Andreas Ladanyi wrote:
Hi,
i changed my config a bit but it doesnt work.
i dont have a dynamic group. Yes i configured a dynamic list. We want to add the memberOf attribute to user entries.
We have static groups with objectclass "groupofnames" which contain the DN of users with attribute "member=uid=name,............"
The user entries contain the attribute labeledURI=ldap:///BASE_DN?entryDN?sub?(&(objectClass=groupOfNames)(member=uid=name,..........))
So the DNs of all the static groupofname groups which a user is a member of should be returned by the dynlist URI expansion.
The dynlist modul should map the entryDNs of the expansion to memberOf and the memberOf attribute should be delivered with the user entry output when ldapsearch:
dynlist-attrset labeledURIObject labeledURI memberOf:entryDN
ldapsearch -H ldap://LDAP_Server -s sub -b BASE_DN '(|(uid=username))' memberOf
ldapsearch with no result.
Hi,
Hi, is there a reason you don't just follow what the dynlist manpage says for static groups?
e.g. dynlist-attrset groupOfURLs memberURL member+memberOf@groupOfNames
dynlist-attrset labeledURIObject labeledURI memberOf+member@groupOfNames
works
That way you can get rid of having to set labeledURI on each of the users as well...
No, i cant. I tried out. Without labeledURI attribute for each user ldapsearch doesnt result the memberOf attributs of the user entity with this ldapsearch call:
ldapsearch -H ldap://LDAP_Server -s sub -b BASE_DN '(uid=username)' memberOf
The labeledURI attribute is: labeledURI=ldap:///BASE_DN??sub?(&(objectClass=groupOfNames)(member=uid=name,..........))
The attrs part is absent.
Searching to memberOf doesnt work.
ldapsearch -H ldap://LDAP_Server -s sub -b BASE_DN '(memberOf=cn=groupname,ou=groupOfNames,dc=.............)' doesnt result anything.
entryDN is set to "read" for *.