I’ve been stumped for two weeks now trying to implement the memberOf Overlay via the directory-based model. I even tried it via a slapd.conf file and still had trouble. Here are my installation steps on Ubuntu. Is anyone able to spot where I’m going wrong with my configurations?

################
# Setup OpenLDAP
################

sudo apt-get -y install slapd ldap-utils

cd /etc/ldap

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

sudo vi db.ldif

# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb
olcModuleload: {1}memberof.la

# Create the database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=mydomain,dc=com
olcRootDN: cn=admin,dc=mydomain,dc=com
olcRootPW: password
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif

sudo slappasswd -h {MD5}

sudo vi base.ldif

dn: dc=mydomain,dc=com
objectClass: dcObject
objectClass: organization
o: mydomain.com
dc: mydomain
description: My LDAP Root

dn: cn=admin,dc=mydomain,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {MD5}gdyb21LQTcIANtvYMT7QVQ==
description: LDAP administrator

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f base.ldif

sudo vi config.ldif

dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcRootDN

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {MD5}gdyb21LQTcIANtvYMT7QVQ==

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif

sudo vi acl.ldif

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=mydomain,dc=com" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=mydomain,dc=com" write by * read

sudo ldapmodify -x -D cn=admin,cn=config -W -f acl.ldif
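Added example, not taken from the post above: loading memberof.la in cn=module{0} only makes the module available to slapd; the overlay still has to be attached to the database with its own olcOverlay entry, and the steps above never create one. This fragment assumes the database DN olcDatabase={1}hdb,cn=config from db.ldif and the default groupOfNames/member convention; both are assumptions, not values from the post.

```ldif
# memberof.ldif (added example, not part of the original post)
# Attaches the memberOf overlay to the {1}hdb database.
# Assumption: the database DN is olcDatabase={1}hdb,cn=config as in db.ldif.
dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
# Keep member and memberOf consistent when a user or group is deleted or renamed
olcMemberOfRefInt: TRUE
# Skip member values that point at entries which do not exist
olcMemberOfDangling: ignore
# Group class and attribute the overlay watches, and the attribute it
# maintains on the member entries (these are the overlay's defaults)
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

# Load it the same way as the other cn=config changes:
#   sudo ldapadd -Y EXTERNAL -H ldapi:/// -f memberof.ldif
```

The overlay only maintains memberOf for groups written after it is active, so groups that already exist have to be re-added (or their member values re-applied) before their users show the attribute. memberOf is an operational attribute, so ldapsearch does not return it unless it is requested by name.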