I would migrate the schema too. Seems to be the correct thing to do...
Nick
On Mon, Nov 1, 2021 at 12:15 PM Keith LeValley klevalley2@davenport.edu wrote:
Good afternoon,
I am working to migrate my LDAP setup to OpenLDAP, however I have run into a problem around group membership.
Specifically, my old instance of LDAP used the attribute "groupMembership" and I need to support this moving forward, so if you were to query the attribute "groupMembership" it needs to return the groups the user is part of.
Currently in my test environment I have the memberof overlay working, and I found the option *memberof-memberof-ad*, which should allow me to create a custom attribute named "groupMembership" and point the overlay at that attribute. I am really hoping to avoid this though and would much rather have a cleaner solution. Maybe some type of interface that just acts as a pointer to the memberof attribute when they query groupMembership? But I am not familiar enough with OpenLDAP to know whether this is even possible.
So I guess my question is: is the custom attribute going to be the solution here, or is there another tool that I am unaware of?
--
Keith LeValley
Identity Services Architect, Davenport University
phone: (616) 732-1102
klevalley2@davenport.edu