Ok, I understand that it isn't supported, but at the moment I can't try other solutions. And since that aside from that filter, the rest works, I don't want to give up like that.
Infact if I look for the following values (then on the groups) Search base: cn=groupname,ou=group,dc=pigreco,dc=it Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it) I get if Name Surname is part of the groupname group
If I search Search base: dc=pigreco,dc=it Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it) I get the list of which groups Name Surname belongs
*But with this (then on the people)* Search base: dc=pigreco,dc=it Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
*I have no result and in the log I read:get_ava: illegal value for attributeType memberof*
obviously same thing with: (& (uid=n.surname) (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it) )
:(
On the "groups" it is works! On the "people" it doesn't work (*get_ava: illegal value for attributeType memberof*) It's frustrating!
2018-08-07 21:35 GMT+02:00 Quanah Gibson-Mount quanah@symas.com:
--On Tuesday, August 07, 2018 1:30 PM -0700 Quanah Gibson-Mount < quanah@symas.com> wrote:
--On Tuesday, August 07, 2018 11:23 AM +0200 Arianna Milazzo
arianna@ariannamicrochip.it wrote: Trying to force LDAP functionality with back-sql is going to work well as a path to pursue.
*is not going to work well.
--Qunah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
On 8/8/18 3:19 PM, Arianna Milazzo wrote:
Ok, I understand that it isn't supported, but at the moment I can't try other solutions.
Well, feel free to ignore good advice and bang your head against the wall.
*But with this (then on the people)* Search base: dc=pigreco,dc=it Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
*I have no result and in the log I read: get_ava: illegal value for attributeType memberof*
I would simply not expect overlay slapo-memberof to correctly work with back-sql for exactly the reasons Quanah pointed out.
It's frustrating!
Sometimes a first idea does not work. I understand that it's personally frustrating. This also happens to me several times a week when trying new things. But another solution has been pointed out and so there is a way out of the frustration.
Ciao, Michael.
Am Wed, 8 Aug 2018 15:19:23 +0200 schrieb Arianna Milazzo arianna@ariannamicrochip.it:
Ok, I understand that it isn't supported, but at the moment I can't try other solutions. And since that aside from that filter, the rest works, I don't want to give up like that.
Infact if I look for the following values (then on the groups) Search base: cn=groupname,ou=group,dc=pigreco,dc=it Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it) I get if Name Surname is part of the groupname group
If I search Search base: dc=pigreco,dc=it Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it) I get the list of which groups Name Surname belongs
*But with this (then on the people)* Search base: dc=pigreco,dc=it Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
*I have no result and in the log I read:get_ava: illegal value for attributeType memberof*
please note that memberOf attributetype is defined as:
( 1.2.840.113556.1.2.102 " "NAME 'memberOf' " "DESC 'Group that the entry belongs to' " "SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' " "EQUALITY distinguishedNameMatch " "USAGE dSAOperation " "NO-USER-MODIFICATION " ) do you have defined any table for this sort of operational attributes.
-Dieter
I have a "member" table defined as: id (= id record) - gid (= group id) - pers_id (= person id)
the others table involved are "groups" table (gid - name - cn - dn) and persons (id - name - surname - .....) [where id is same of keyval in ldap_entries]
2018-08-08 19:20 GMT+02:00 Dieter Klünter dieter@dkluenter.de:
Am Wed, 8 Aug 2018 15:19:23 +0200 schrieb Arianna Milazzo arianna@ariannamicrochip.it:
Ok, I understand that it isn't supported, but at the moment I can't try other solutions. And since that aside from that filter, the rest works, I don't want to give up like that.
Infact if I look for the following values (then on the groups) Search base: cn=groupname,ou=group,dc=pigreco,dc=it Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it) I get if Name Surname is part of the groupname group
If I search Search base: dc=pigreco,dc=it Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it) I get the list of which groups Name Surname belongs
*But with this (then on the people)* Search base: dc=pigreco,dc=it Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
*I have no result and in the log I read:get_ava: illegal value for attributeType memberof*
please note that memberOf attributetype is defined as:
( 1.2.840.113556.1.2.102 " "NAME 'memberOf' " "DESC 'Group that the entry belongs to' " "SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' " "EQUALITY distinguishedNameMatch " "USAGE dSAOperation " "NO-USER-MODIFICATION " ) do you have defined any table for this sort of operational attributes.
-Dieter
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
As I mentioned, memberOf is a operational attribute type, syntax is 'distinguishedName'. Are there any modifiable operational attributetypes in your sql database at all? Is rootDN able to write and modify attribute types?
-Dieter
Am Thu, 9 Aug 2018 12:22:55 +0200 schrieb Arianna Milazzo arianna@ariannamicrochip.it:
I have a "member" table defined as: id (= id record) - gid (= group id) - pers_id (= person id)
the others table involved are "groups" table (gid - name - cn - dn) and persons (id - name - surname - .....) [where id is same of keyval in ldap_entries]
2018-08-08 19:20 GMT+02:00 Dieter Klünter dieter@dkluenter.de:
Am Wed, 8 Aug 2018 15:19:23 +0200 schrieb Arianna Milazzo arianna@ariannamicrochip.it:
Ok, I understand that it isn't supported, but at the moment I can't try other solutions. And since that aside from that filter, the rest works, I don't want to give up like that.
Infact if I look for the following values (then on the groups) Search base: cn=groupname,ou=group,dc=pigreco,dc=it Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it) I get if Name Surname is part of the groupname group
If I search Search base: dc=pigreco,dc=it Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it) I get the list of which groups Name Surname belongs
*But with this (then on the people)* Search base: dc=pigreco,dc=it Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
*I have no result and in the log I read:get_ava: illegal value for attributeType memberof*
please note that memberOf attributetype is defined as:
( 1.2.840.113556.1.2.102 " "NAME 'memberOf' " "DESC 'Group that the entry belongs to' " "SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' " "EQUALITY distinguishedNameMatch " "USAGE dSAOperation " "NO-USER-MODIFICATION " ) do you have defined any table for this sort of operational attributes.
-Dieter
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
openldap-technical@openldap.org
-
Arianna Milazzo -
Dieter Klünter -
Michael Ströder