Thank you for the input!
I've been researching it a bit. As far as I understand, dynlist “allows for expansion of dynamic groups and more” (from the man page). Also, I'm assuming that dynlist also works well with MMR syncrepl, yes? (Since memberof didn't)
I only have static groups. Googling around showed that you can also use it against static groups…if I understood it correctly.
Would this overlay config help me for expanding against static groups using rfc2307bis schema?
    dn: olcOverlay=dynlist,olcDatabase=mdb,cn=config
    objectClass: olcOverlayConfig
    objectClass: olcDynListConfig
    olcOverlay: dynlist
    olcDynListAttrSet: member
Thank you!
On Aug 27, 2021, 8:39 PM -0400, Quanah Gibson-Mount quanah@symas.com, wrote:
--On Friday, August 27, 2021 8:10 PM -0400 Dave Macias davama@gmail.com wrote:
So I rebuilt but without memberof module/overlay
From the slapo-memberof(5) man page for OpenLDAP 2.5:
Note that this overlay is deprecated and support will be dropped in future OpenLDAP releases. Installations should use the dynlist overlay instead. Using this overlay in a replicated environment is especially discouraged.
The point was you should be using dynlist rather than memberOf.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
On Sun, 29 Aug 2021 at 16:50, Dave Macias davama@gmail.com wrote:
Thank you for the input!
I've been researching it a bit. As far as I understand, dynlist “allows for expansion of dynamic groups and more” (from the man page). Also, I'm assuming that dynlist also works well with MMR syncrepl, yes? (Since memberof didn't)
I only have static groups. Googling around showed that you can also use it against static groups…if I understood it correctly.
Would this overlay config help me for expanding against static groups using rfc2307bis schema?
    dn: olcOverlay=dynlist,olcDatabase=mdb,cn=config
    objectClass: olcOverlayConfig
    objectClass: olcDynListConfig
    olcOverlay: dynlist
    olcDynListAttrSet: member
Thank you!
Hi David,
I have a similar situation and also a replicated environment. I am using posixGroup only and never had any need for a memberOf attribute. But now, my devs have software which insists on that attribute, so I should provide it for them. I have just started testing it but don't have any results at this time, so if you solve it before me please post here what you did. Or you can email me directly if you prefer that.
Br,
Saša
Ah!! I got it to work!
So what I did:
OK, so I rebuilt but without the msuser.ldif schema. (My reasoning was because the memberof attribute was there... but I thought it was interesting that the overlay for dynlist included memberof...) https://www.openldap.org/software/man.cgi?query=slapo-dynlist&apropos=0&...
Added the dyngroup.ldif schema instead.
Added the dynlist module:

    dn: cn=module,cn=config
    objectClass: olcModuleList
    cn: module
    olcModulePath: /opt/symas/lib/openldap/
    olcModuleLoad: dynlist.la

Added the dynlist overlay:

    dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
    objectClass: olcOverlayConfig
    objectClass: olcDynListConfig
    olcOverlay: dynlist
    olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames

Now I can do a simple ldapsearch:

    ldapsearch -xLLL uid=davetest memberof
    dn: uid=davetest,ou=People,dc=domain,dc=net
    memberOf: cn=config,ou=group,dc=domain,dc=net
    memberOf: cn=netbox,ou=group,dc=domain,dc=net

Hope this makes sense and I did it right :D
@Saša-Stjepan Bakša ssbaksa@gmail.com FYI
Now to try with MMR
Thanks, Dave
--On Monday, August 30, 2021 11:25 AM -0400 Dave Macias davama@gmail.com wrote:
Ah!! I got it to work!
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
Yes, this is the correct way to configure it. ;)
And yes, having dynlist internally define it avoids the need to load any external schema. The msuser.ldif is provided for those people who want to try the AD replication integration added in OpenLDAP 2.5.
--Quanah
--On Monday, August 30, 2021 11:14 AM +0200 Saša-Stjepan Bakša ssbaksa@gmail.com wrote:
I have similar situation and also a replicated environment. I am using posixGroup only and never had any need for a memberOf attribute. But now, my devs have a software which insists on that attribute so I should provide it for them.
posixGroup is not a valid objectClass to use with providing memberOf information.
--Quanah
openldap-technical@openldap.org
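A small model of the result discussed in this thread, added here as an example and not taken from any message above or from OpenLDAP itself: it computes the memberOf values that the `member+memberOf@groupOfNames` mapping would return for static groups, and lists groups that carry only memberUid and so have no member DN to map back to a user entry. The sample entries, the simplified DN normalization and all function names are constructed for illustration.

```python
# Added illustration (not OpenLDAP code): models the result of the attrset mapping
# "member+memberOf@groupOfNames" over static groups. All sample data is constructed.

SAMPLE_LDIF = """\
dn: cn=netbox,ou=group,dc=domain,dc=net
objectClass: groupOfNames
cn: netbox
member: uid=davetest,ou=People,dc=domain,dc=net

dn: cn=config,ou=group,dc=domain,dc=net
objectClass: groupOfNames
cn: config
member: UID=davetest, ou=People, dc=domain, dc=net

dn: cn=unixusers,ou=group,dc=domain,dc=net
objectClass: posixGroup
cn: unixusers
gidNumber: 5000
memberUid: davetest
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified DN normalization (assumption: no escaped commas in RDN values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def member_of(user_dn, entries, group_oc="groupofnames", member_ad="member"):
    """Group DNs of class group_oc that list user_dn in member_ad (computed, never stored)."""
    target = norm_dn(user_dn)
    is_group = lambda e: group_oc in (oc.lower() for oc in e.get("objectclass", []))
    return sorted(e["dn"][0] for e in entries if is_group(e)
                  and target in (norm_dn(m) for m in e.get(member_ad, [])))

def groups_without_dn_members(entries):
    """Groups holding only memberUid (login names, not DNs): nothing to map to memberOf."""
    return sorted(e["dn"][0] for e in entries if "memberuid" in e and "member" not in e)

if __name__ == "__main__":
    print(member_of("uid=davetest,ou=People,dc=domain,dc=net", parse_ldif(SAMPLE_LDIF)))
```

Running `groups_without_dn_members` over an export of the group subtree before pointing an application at memberOf shows which groups would be silently absent from its authorization checks.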