7:48 a.m.
Thank you for the input!
Ive been researching it a bit. As far as I understand, dynlist “allows for
expansion of dynamic groups and more” (from the man). Also, I'm assuming
that dynlist also works well with MMR syncrepl, yes? (Since memberof didnt)
I only have static groups.
Googling around showed that you can also use it against static groups…if I
understood it correctly.
Would this overlay config help me for expanding against static groups using
rfc2307bis schema?
dn: olcOverlay=dynlist,olcDatabase=mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynListConfig
olcOverlay: dynlist
olcDynListAttrSet: member
Thank you!
On Aug 27, 2021, 8:39 PM -0400, Quanah Gibson-Mount <quanah(a)symas.com>,
wrote:
--On Friday, August 27, 2021 8:10 PM -0400 Dave Macias <davama(a)gmail.com>
wrote:
So i rebuild but without memberof module/overlay
From the slapo-memberof(5) man page for OpenLDAP 2.5:
Note that this overlay is deprecated and support will be dropped
in
future OpenLDAP releases. Installations should use the dynlist
overlay
instead. Using this overlay in a replicated environment is
especially
discouraged.
The point was you should be using dynlist rather than memberOf.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
1:14 a.m.
New subject: 2.5.7 - adding memberof module Duplicate attributeType
On Sun, 29 Aug 2021 at 16:50, Dave Macias <davama(a)gmail.com> wrote:
Thank you for the input!
Ive been researching it a bit. As far as I understand, dynlist “allows for
expansion of dynamic groups and more” (from the man). Also, I'm assuming
that dynlist also works well with MMR syncrepl, yes? (Since memberof didnt)
I only have static groups.
Googling around showed that you can also use it against static groups…if I
understood it correctly.
Would this overlay config help me for expanding against static groups
using rfc2307bis schema?
dn: olcOverlay=dynlist,olcDatabase=mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynListConfig
olcOverlay: dynlist
olcDynListAttrSet: member
Thank you!
Hi David,
I have similar situation and also a replicated environment. I am using
posixGroup only and never had any need for a memberOf attribute.
But now, my devs have a software which insists on that attribute so I
should provide it for them.
I have just started with testing it but don't have any result at this time,
so if you solve it before me please post here what you did.
Or you can email me directly if you prefer that.
Br,
Saša
7:25 a.m.
New subject: 2.5.7 - adding memberof module Duplicate attributeType
Ah!!
I got it to work!
So what i did:
Ok, so i rebuilt but without the msuser.ldif schema. (my reasoning was
because the memberof attribute was there ....but thought it was interesting
that the overlay for dynlist included memberof...)
https://www.openldap.org/software/man.cgi?query=slapo-dynlist&apropos...
Added the dyngroup.ldif schema instead.
Added the dynlist module
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /opt/symas/lib/openldap/
olcModuleLoad: dynlist.la
Added the dynlist overlay:
dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynListConfig
olcOverlay: dynlist
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
Now i can do a simple ldapsearch:
ldapsearch -xLLL uid=davetest memberof
dn: uid=davetest,ou=People,dc=domain,dc=net
memberOf: cn=config,ou=group,dc=domain,dc=net
memberOf: cn=netbox,ou=group,dc=domain,dc=net
Hope this makes sense and i did it right :D
@Saša-Stjepan Bakša <ssbaksa(a)gmail.com> FYI
Now to try with MMR
Thanks,
Dave
On Mon, Aug 30, 2021 at 4:14 AM Saša-Stjepan Bakša <ssbaksa(a)gmail.com>
wrote:
On Sun, 29 Aug 2021 at 16:50, Dave Macias <davama(a)gmail.com> wrote:
> Thank you for the input!
>
> Ive been researching it a bit. As far as I understand, dynlist “allows
> for expansion of dynamic groups and more” (from the man). Also, I'm
> assuming that dynlist also works well with MMR syncrepl, yes? (Since
> memberof didnt)
>
> I only have static groups.
> Googling around showed that you can also use it against static groups…if
> I understood it correctly.
>
> Would this overlay config help me for expanding against static groups
> using rfc2307bis schema?
>
> dn: olcOverlay=dynlist,olcDatabase=mdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcDynListConfig
> olcOverlay: dynlist
> olcDynListAttrSet: member
>
> Thank you!
>
>
Hi David,
I have similar situation and also a replicated environment. I am using
posixGroup only and never had any need for a memberOf attribute.
But now, my devs have a software which insists on that attribute so I
should provide it for them.
I have just started with testing it but don't have any result at this
time, so if you solve it before me please post here what you did.
Or you can email me directly if you prefer that.
Br,
Saša
8 a.m.
New subject: 2.5.7 - adding memberof module Duplicate attributeType
--On Monday, August 30, 2021 11:25 AM -0400 Dave Macias <davama(a)gmail.com>
wrote:
Ah!!
I got it to work!
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
Yes, this is the correct way to configure it. ;)
And yes, having dynlist internally define it avoids the need to load any
external schema. The msuser.ldif is provided for those people who want to
try the AD replication integration added in OpenLDAP 2.5.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
8:24 a.m.
New subject: 2.5.7 - adding memberof module Duplicate attributeType
--On Monday, August 30, 2021 11:14 AM +0200 Saša-Stjepan Bakša
<ssbaksa(a)gmail.com> wrote:
I have similar situation and also a replicated environment. I am
using
posixGroup only and never had any need for a memberOf attribute.
But now, my devs have a software which insists on that attribute so I
should provide it for them.
posixGroup is not a valid objectClass to use with providing memberOf
information.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
830
days inactive
831
days old
openldap-technical@openldap.org
4 comments
3 participants
participants (3)
-
Dave Macias -
Quanah Gibson-Mount -
Saša-Stjepan Bakša