Hi all,
I am trying to create groups within Openldap-2.4.34 to use for Gmail Active Directory Synch "GADs". I formed the ldif file with the following attributes:

dn: cn=Google,ou=Group,dc=curry,dc=edu
objectclass: groupOfUniqueNames
cn:
mail:
description:
uniqueMember:
uniqueMember:

When I try to add the file I get the following error:

adding new entry "cn=Google,ou=Group,dc=curry,dc=edu"
ldap_add: Object class violation (65)
	additional info: attribute 'mail' not allowed
Thanks.
On Thu, Aug 01, 2013 at 01:57:14PM -0400, Darouichi, Aziz wrote:
dn: cn=Google,ou=Group,dc=curry,dc=edu
objectclass: groupOfUniqueNames
cn:
mail:
description:
uniqueMember:
uniqueMember:

when I try to add the file I get the following error:

adding new entry "cn=Google,ou=Group,dc=curry,dc=edu"
ldap_add: Object class violation (65)
additional info: attribute 'mail' not allowed
That is correct. The definition of groupOfUniqueNames is:
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
'mail' is not listed as an allowed attribute. If you want to add that attribute then you also need to include a suitable auxiliary object class that permits it. I don't think there is such a class in the standard set, so you will have to create one of your own. That is probably a good thing to do anyway, and you could start with a definition like this:
objectclass ( 1.2.826.0.1.3458854.666.1.1 NAME 'curryEduMailObject' DESC 'Aux object class for curry.edu' SUP top AUXILIARY MAY ( mail ) )
Your entry now has two objectclasses:
dn: cn=Google,ou=Group,dc=curry,dc=edu
objectclass: groupOfUniqueNames
objectclass: curryEduMailObject
cn:
mail:
description:
uniqueMember:
uniqueMember:
Ideally you should use an OID based on your own institution's allocation, but that is not critical at this stage.
Andrew
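The check slapd performs when it answers "Object class violation (65)", as an added example that is not part of this thread: a small Python validator that reads the two object class definitions Andrew quoted (it extracts only NAME, kind, MUST and MAY, so it is not a full RFC 4512 schema parser) and applies them to the cn=Google entry with and without the auxiliary class. The attribute values and the mail address are constructed here because the post leaves them blank.

```python
"""Added example (not from the thread): check an LDAP entry's attributes against
the MUST/MAY lists of its object classes, the way slapd does before it accepts
an add and raises "attribute 'x' not allowed" when it does not."""
import re

# Object class definitions quoted in the thread: RFC 2256 groupOfUniqueNames and
# Andrew's proposed auxiliary class. The parser below is deliberately minimal.
SCHEMA_TEXT = """
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 1.2.826.0.1.3458854.666.1.1 NAME 'curryEduMailObject' DESC 'Aux object class for curry.edu' SUP top AUXILIARY MAY ( mail ) )
"""


def _attr_list(match):
    """Turn the body of 'MUST ( a $ b )' into a lowercase set of attribute names."""
    if not match:
        return set()
    return {a.strip().lower() for a in match.group(1).split("$") if a.strip()}


def parse_schema(text):
    """Map lowercase class name -> {name, kind, must, may} for each objectclass line."""
    classes = {}
    for line in text.strip().splitlines():
        name = re.search(r"NAME '([^']+)'", line).group(1)
        kind = re.search(r"\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b", line).group(1)
        must = _attr_list(re.search(r"MUST \(([^)]*)\)", line))
        may = _attr_list(re.search(r"MAY \(([^)]*)\)", line))
        classes[name.lower()] = {"name": name, "kind": kind, "must": must, "may": may}
    return classes


def validate_entry(entry, classes):
    """Return a list of violations; an empty list means the entry is acceptable.

    entry: dict of attribute name -> list of values ('dn' is ignored).
    Every attribute must be MUST or MAY in at least one of the entry's object
    classes, every MUST attribute must be present, and exactly one structural
    class is required (the auxiliary class only widens the allowed set).
    """
    problems = []
    ocs = [classes.get(oc.lower()) for oc in entry.get("objectclass", [])]
    if any(oc is None for oc in ocs):
        return ["unknown object class in entry"]
    if sum(1 for oc in ocs if oc["kind"] == "STRUCTURAL") != 1:
        problems.append("entry needs exactly one structural object class")
    allowed, required = set(), set()
    for oc in ocs:
        allowed |= oc["must"] | oc["may"]
        required |= oc["must"]
    present = {a.lower() for a in entry if a.lower() not in ("dn", "objectclass")}
    for attr in sorted(present - allowed):
        problems.append(f"attribute '{attr}' not allowed")
    for attr in sorted(required - present):
        problems.append(f"required attribute '{attr}' missing")
    return problems


def google_group(with_aux_class):
    """The entry from the post; values are constructed since the post left them blank."""
    entry = {
        "dn": ["cn=Google,ou=Group,dc=curry,dc=edu"],
        "objectclass": ["groupOfUniqueNames"],
        "cn": ["Google"],
        "mail": ["google-sync@curry.edu"],          # constructed sample address
        "description": ["Group exported to GADS"],
        "uniqueMember": ["uid=alice,ou=People,dc=curry,dc=edu",
                         "uid=bob,ou=People,dc=curry,dc=edu"],
    }
    if with_aux_class:
        entry["objectclass"].append("curryEduMailObject")
    return entry


SCHEMA = parse_schema(SCHEMA_TEXT)

if __name__ == "__main__":
    for aux in (False, True):
        label = "with curryEduMailObject" if aux else "groupOfUniqueNames only"
        print(label, "->", validate_entry(google_group(aux), SCHEMA) or "OK")
```

Without the auxiliary class the validator reports exactly the message from the post; with it, the same entry passes. Dropping uniqueMember would instead produce a "required attribute" violation, which is the other half of what slapd enforces from MUST lists.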
Andrew Findlay wrote:
'mail' is not listed as an allowed attribute. If you want to add that attribute then you also need to include a suitable auxiliary object class that permits it. I don't think there is such a class in the standard set, so you will have to create one of your own.
That's the use-case for
http://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-02
Ciao, Michael.
Hi, I did the following steps for displaying the memberof attribute for a user in Red Hat Linux 6:

1) first I added the memberof module by memberofModule.ldif

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: ppolicy
olcModulePath: /usr/lib64/openldap

2) then I loaded the refint module by refintModule.ldif

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: refint
olcModulePath: /usr/lib64/openldap

3) then I added the memberof overlay by memberofoverlay.ldif

dn: olcOverlay={6}memberof,olcdatabase={2}bdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfdefault: cn=Default,ou=policies,dc=transfer,dc=com
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberof

4) then I added the refint overlay by refintoverlay.ldif

dn: olcOverlay={7}refint,olcdatabase={2}bdb,cn=config
objectClass: olcConfig
objectClass: olcRefintConfig
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: {7}refint
olcRefintAttribute: memberof member manager owner seeAlso roleOccupant

5) then created one ou

dn: ou=Cion,dc=transfer,dc=com
ou: policies
objectClass: top
objectClass: organizationalUnit

and then added one group and added CUser77 to this group

dn: cn=CGroup1,ou=Cion,dc=transfer,dc=com
cn: CGroup1
objectClass: top
objectClass: groupOfNames
member: uid=CUser77,ou=Cion,dc=transfer,dc=com

But when I searched this user I am unable to retrieve the user's memberof attribute. So how can we filter that the user is added in that group?
Thanks & Regards Zeya Alam Badar
openldap-technical@openldap.org
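As an added example, not part of the thread or of OpenLDAP itself: a small Python model of what slapo-memberof does with the settings posted above (olcMemberOfGroupOC, olcMemberOfMemberAD, olcMemberOfMemberOfAD and olcMemberOfDangling), together with the naming check slapd applies to every added entry. Two details of the posted configuration are worth checking against it: the step 1 LDIF loads ppolicy rather than memberof, and the ou entry in step 5 names ou=Cion in its DN but carries ou: policies, which the rdn_violation function below flags the way slapd does. The overlay only writes memberOf for groups added or modified after it is active, and on OpenLDAP 2.4 the attribute it maintains is operational, so an ldapsearch has to list memberOf explicitly to see it. The user entry uid=CUser77 is assumed here; the ou and group entries are taken from the post.

```python
"""Added example (not from the thread): model slapo-memberof's reverse-membership
maintenance and slapd's RDN naming check for the entries in the post."""

# Overlay settings from memberofoverlay.ldif in the post.
MEMBEROF_CONFIG = {
    "olcMemberOfGroupOC": "groupOfNames",
    "olcMemberOfMemberAD": "member",
    "olcMemberOfMemberOfAD": "memberOf",
    "olcMemberOfDangling": "ignore",
}


def norm(s):
    """DNs and attribute names compare case-insensitively in LDAP."""
    return " ".join(s.split()).lower()


def get_attr(entry, name):
    """Case-insensitive attribute lookup on a dict-shaped entry."""
    for key, values in entry.items():
        if key != "dn" and norm(key) == norm(name):
            return values
    return []


def rdn_violation(entry):
    """slapd rejects an add whose RDN value is absent from the entry itself
    (a naming violation). Returns the message it would give, or None."""
    attr, value = entry["dn"].split(",", 1)[0].split("=", 1)
    if norm(value) not in {norm(v) for v in get_attr(entry, attr)}:
        return f"value of naming attribute '{attr}' is not present in entry"
    return None


def compute_memberof(entries, config=MEMBEROF_CONFIG):
    """Return {user_dn: sorted group DNs}: the values the overlay writes into the
    olcMemberOfMemberOfAD attribute when each group is added or modified while
    the overlay is active. Members without an entry follow olcMemberOfDangling."""
    known = {norm(e["dn"]): e["dn"] for e in entries}
    result = {}
    for e in entries:
        ocs = {norm(v) for v in get_attr(e, "objectClass")}
        if norm(config["olcMemberOfGroupOC"]) not in ocs:
            continue
        for member in get_attr(e, config["olcMemberOfMemberAD"]):
            if norm(member) not in known:
                if config["olcMemberOfDangling"] == "ignore":
                    continue          # no target entry, nothing to update
                raise ValueError(f"dangling member {member} in {e['dn']}")
            result.setdefault(known[norm(member)], []).append(e["dn"])
    return {dn: sorted(groups) for dn, groups in result.items()}


def memberof_of(user_dn, entries, config=MEMBEROF_CONFIG):
    """What 'ldapsearch -b <user_dn> memberOf' should return once the overlay has run."""
    return compute_memberof(entries, config).get(user_dn, [])


# Entries: ou and group as posted; the user entry is an assumption.
OU_AS_POSTED = {"dn": "ou=Cion,dc=transfer,dc=com", "ou": ["policies"],
                "objectClass": ["top", "organizationalUnit"]}
OU_FIXED = {"dn": "ou=Cion,dc=transfer,dc=com", "ou": ["Cion"],
            "objectClass": ["top", "organizationalUnit"]}
USER = {"dn": "uid=CUser77,ou=Cion,dc=transfer,dc=com", "uid": ["CUser77"],
        "objectClass": ["top", "inetOrgPerson"], "cn": ["CUser77"], "sn": ["User"]}
GROUP = {"dn": "cn=CGroup1,ou=Cion,dc=transfer,dc=com", "cn": ["CGroup1"],
         "objectClass": ["top", "groupOfNames"],
         "member": ["uid=CUser77,ou=Cion,dc=transfer,dc=com",
                    "uid=nobody,ou=Cion,dc=transfer,dc=com"]}   # constructed dangling DN

if __name__ == "__main__":
    print("ou as posted:", rdn_violation(OU_AS_POSTED))
    print("ou fixed:    ", rdn_violation(OU_FIXED))
    print("memberOf for CUser77:", memberof_of(USER["dn"], [OU_FIXED, USER, GROUP]))
```

With olcMemberOfDangling set to ignore, the constructed member DN that has no entry is skipped silently; set it to error and the same group add fails, which is the behaviour to choose when a group should never reference entries that do not exist.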