Andi Zulfadli wrote:
Thank you very much for your respond.
So, what your recommended ways that i have to do Sir?
Use a hybrid group schema and use slapo-memberof.
Example 'aeGroup':
( 1.3.6.1.4.1.5427.1.389.100.6.1 NAME 'aeGroup' DESC 'AE-DIR: Group entry' SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject ) STRUCTURAL MUST description )
You can leave out "groupOfURLs $ aeObject".
You have to take care to keep 'member' and 'memberUID' in sync. OpenLDAP's slapo-constraint can be helpful for that too.
Ciao, Michael.
2015-10-30 3:24 GMT-07:00 Michael Ströder michael@stroeder.com:
Andi Zulfadli wrote:
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap
group
entry format.
example attribute :
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember: uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
example filter : example: (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.
You could add a custom attribute to your member entries and maintain this to reflect all the group memberships. But I'd strongly recommend to not do it.
Ciao, Michael.
-- Michael Ströder Klauprechtstr. 11 Dipl.-Inform. D-76137 Karlsruhe, Germany Tel.: +49 721 8304316 Mobil: +49 170 2391920 E-Mail: michael@stroeder.com http://www.stroeder.com