Hello,
Java and its native libraries to work with OpenLDAP in our application. I need to be able to associate users to groups and this part works fine. I can do an ldap search and I can see the membership.
ie:
    dn: cn=NURSE,ou=roles,dc=mydir,dc=com
    uniqueMember: uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com

ldif for Role:
    dn: ou=roles,dc=mydir,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: roles

Sample user created for the above:
    dn: uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com
    preferredLanguage: E
    displayName: LDAP-TEST-1,Suneet
    employeeType: PERM FULL TIME
    userPassword:: cGFzc3dvcmQ=
    ou: OpenIAM
    givenName: Suneet
    uid: Suneet.LDAP-TEST-1
    telephoneNumber: 234-123-4567
    mail: suneet_shah@openiam.com
    cn: Suneet LDAP-TEST-1
    manager: uid=abc,ou=users,dc=mydir,dc=com
    o: OpenIAM
    departmentNumber: -
    sn: LDAP-TEST-1
    title: Test User
    x-com-mydir-userStatus: Inactive
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: DIRUser
I also need to be able to remove users from a group. In this case, I am looking up the user to see if they have a memberOf attribute. However, when I do this, my search results are always empty. My code and search filter are below. Any thoughts on what I am doing wrong? I tried this with OpenDS and it works, but I need to get this to work with OpenLDAP. Also, I noticed that my user in ldap does not contain any attributes that show membership to a group. I have pasted below my code where I add a user to a group in case that is the source of my error.
Code snippet to search for a user before adding/removing from a group:

    String[] attrIds = {"memberOf", "isMemberOf"};
    NamingEnumeration results = null;
    try {
        SearchControls searchCtls = new SearchControls();
        searchCtls.setReturningAttributes(attrIds);

        String searchFilter = " (&(objectclass=inetOrgPerson)(uid=Suneet.LDAP-TEST-1))";
        results = ldapctx.search(objectBaseDN, searchFilter, searchCtls);

Code to add a user to a group:

    ModificationItem mods[] = new ModificationItem[1];
    mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("uniqueMember", ldapName));
    ldapctx.modifyAttributes(s, mods);
thanks for your help
Suneet Shah wrote:
> Hello,
> Java and its native libraries to work with OpenLDAP in our application. I need to be able to associate users to groups and this part works fine. I can do an ldap search and I can see the membership.
>
> ie:
>     dn: cn=NURSE,ou=roles,dc=mydir,dc=com
>     uniqueMember: uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com
>
> ldif for Role:
>     dn: ou=roles,dc=mydir,dc=com
>     objectClass: top
>     objectClass: organizationalUnit
>     ou: roles
>
> Sample user created for the above:
>     dn: uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com
>     preferredLanguage: E
>     displayName: LDAP-TEST-1,Suneet
>     employeeType: PERM FULL TIME
>     userPassword:: cGFzc3dvcmQ=
>     ou: OpenIAM
>     givenName: Suneet
>     uid: Suneet.LDAP-TEST-1
>     telephoneNumber: 234-123-4567
>     mail: suneet_shah@openiam.com
>     cn: Suneet LDAP-TEST-1
>     manager: uid=abc,ou=users,dc=mydir,dc=com
>     o: OpenIAM
>     departmentNumber: -
>     sn: LDAP-TEST-1
>     title: Test User
>     x-com-mydir-userStatus: Inactive
>     objectClass: top
>     objectClass: person
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     objectClass: DIRUser
>
> I also need to be able to remove users from a group. In this case, I am looking up the user to see if they have a memberOf attribute. However, when I do this, my search results are always empty. My code and search filter are below. Any thoughts on what I am doing wrong? I tried this with OpenDS and it works, but I need to get this to work with OpenLDAP. Also, I noticed that my user in ldap does not contain any attributes that show membership to a group. I have pasted below my code where I add a user to a group in case that is the source of my error.
That's the wrong approach. Use an LDAP Compare operation on the group, checking for uniquemember matching the user's DN.
openldap-technical@openldap.org
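
The compare-on-the-group check suggested in the reply, written with JNDI as an added example (not code from either poster). The class and method names are hypothetical, and it assumes an already-bound DirContext and the uniqueMember attribute shown in the thread.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical helper class; not part of any library or of the posters' code.
public final class GroupMembership {

    /** True if userDn is a uniqueMember value of the entry at groupDn. */
    public static boolean isMember(DirContext ctx, String groupDn, String userDn)
            throws NamingException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.OBJECT_SCOPE); // only the group entry itself
        ctls.setReturningAttributes(new String[0]);       // request no attributes
        // A simple (attr=value) filter with object scope and no returned attributes
        // is what the JNDI LDAP provider documents as being sent as an LDAP Compare.
        // {0} is filled in by JNDI with filter escaping applied to userDn.
        NamingEnumeration<SearchResult> answer =
                ctx.search(groupDn, "(uniqueMember={0})", new Object[] { userDn }, ctls);
        try {
            return answer.hasMore(); // one result means the value matched
        } finally {
            answer.close();
        }
    }

    /** Removes userDn from the group only if the directory reports it as a member. */
    public static boolean removeIfMember(DirContext ctx, String groupDn, String userDn)
            throws NamingException {
        if (!isMember(ctx, groupDn, userDn)) {
            return false; // nothing to remove
        }
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                    new BasicAttribute("uniqueMember", userDn))
        };
        ctx.modifyAttributes(groupDn, mods);
        return true;
    }
}
```

If the group entry uses the groupOfUniqueNames object class, uniqueMember is a required attribute, so the server rejects removal of the last remaining member.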