Hello,
Apologies for my bad English, it's not my native language.
I'm toying with openldap 2.5.5 and the dynlist overlay to replace the memberof overlay (since it's the recommended way to manage the memberof attribute in a replicated environment).
My configuration for the dynlist overlay is like this:

    overlay dynlist
    dynlist-attrset groupOfURLs memberURL memberOf

If I create a group like this:

    dn: cn=GroupB,ou=Groups,dc=appartement,dc=me
    objectClass: posixGroup
    objectClass: top
    objectClass: groupOfNames
    cn: GroupB
    member: uid=bob,ou=Users,dc=appartement,dc=me
    gidNumber: 14056

and a user like this:

    dn: uid=bob,ou=Users,dc=appartement,dc=me
    objectClass: posixAccount
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: shadowAccount
    objectClass: groupOfURLs
    [...Attributes omitted for clarity...]
    givenName: bob
    sn: bob
    displayName: bob
    uid: bob
    memberURL: ldap:///ou=Groups,dc=appartement,dc=me??sub?(member=uid=bob,ou=Users,dc=appartement,dc=me)

everything works fine, the memberof attribute is generated on the fly if I request it in the search.
My "issue" is that my LDAP Client is not capable of creating a posix account with the objectclass groupOfURLs or the memberURL attribute... So when I create a new user, I need to manually edit the user in the database to add the objectclass groupOfURLs and the memberURL, which is very tedious.
Is there a way for openldap to dynamically add these attributes when a new user is created? For example, my LDAP client sends an "Addrequest" with the following attributes:

    dn: uid=leon,ou=Users,dc=appartement,dc=me
    objectClass: posixAccount
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: shadowAccount
    [...Attributes omitted for clarity...]
    givenName: leon
    sn: leon
    displayName: leon
    uid: leon

openldap intercepts the request, adds the following attributes:

    objectClass: groupOfURLs
    memberURL: ldap:///ou=Groups,dc=appartement,dc=me??sub?(member=uid=bob,ou=Users,dc=appartement,dc=me)

and then writes the new entry in the database. Is that possible? I looked at slapo-rwm but I'm not sure if this overlay can add attributes...
Thanks!

--On Friday, July 16, 2021 12:01 PM +0000 j.vandeville@gmail.com wrote:

> Hello,
> Apologies for my bad English, it's not my native language.
> I'm toying with openldap 2.5.5 and the dynlist overlay to replace the memberof overlay (since it's the recommended way to manage the memberof attribute in a replicated environment).

If you are already using static groups, you can use dynlist to populate memberOf based off of static groups instead. That configuration looks something like:
dynlist-attrset groupOfURLs memberURL member+memberOf@groupOfNames
You may also want to look at the test suite configurations for dynlist.
Regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
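
To check a setup like the one suggested in the reply, this added example (not from the thread and not OpenLDAP code) derives from an LDIF export which memberOf values the static groupOfNames groups should produce, so they can be compared with what a search returns. The sample LDIF is constructed from the entries in the thread; the function names and the simplified DN normalisation are assumptions.

```python
from collections import defaultdict

# Constructed sample LDIF, based on the entries quoted in the thread.
SAMPLE_LDIF = """\
dn: cn=GroupB,ou=Groups,dc=appartement,dc=me
objectClass: posixGroup
objectClass: groupOfNames
cn: GroupB
member: uid=bob,ou=Users,dc=appartement,dc=me
member: UID=Leon, ou=Users,dc=appartement,
 dc=me

dn: cn=Other,ou=Groups,dc=appartement,dc=me
objectClass: posixGroup
cn: Other
memberUid: bob
"""

def parse_ldif(text):
    """Parse plain LDIF into dicts of lowercased attribute -> list of values.
    Base64 ('::') values are not decoded in this simplified parser."""
    unfolded = text.replace("\n ", "")  # LDIF folds long lines as newline + space
    entries = []
    for block in unfolded.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry[attr.strip().lower()].append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified comparison key: lowercase, no spaces around RDN separators.
    Assumption: no escaped commas in the DNs."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def expected_member_of(entries, static_oc="groupOfNames", member_ad="member"):
    """Map each member DN to the DNs of the static groups that list it."""
    result = defaultdict(set)
    for e in entries:
        if static_oc.lower() not in (oc.lower() for oc in e["objectclass"]):
            continue  # only groups of the configured static objectClass count
        for m in e[member_ad.lower()]:
            result[norm_dn(m)].add(e["dn"][0])
    return dict(result)

if __name__ == "__main__":
    for user, groups in sorted(expected_member_of(parse_ldif(SAMPLE_LDIF)).items()):
        print(user, "->", sorted(groups))
```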