Hi all,
I've created a group with the dynlist overlay to create dynamic groups. Now I want to implement authentication with it but seem to be unable to search on it with nss-pam-lib or sssd.
Before I start configuring all that stuff I wanted to see what search/filter string I need to make, and have been playing around to get the member.
When I search with the dynamic group as the base I get all the members:
# ldapsearch -x -b 'cn=prod,ou=isp,ou=acl,dc=ispavailability,dc=com'
dn: cn=prod,ou=isp,ou=acl,dc=ispavailability,dc=com
objectClass: groupOfURLs
cn: prod
memberURL: ldap:///cn=sysadmin,ou=isp,ou=groups,dc=ispavailability,dc=com?memb
 er?sub?
member: uid=richard,ou=people,dc=ispavailability,dc=com
So I thought I'll create a search string for the cn and the member.
# ldapsearch -x '(&(cn=prod)(member=uid=richard,ou=people,dc=ispavailability,dc=com))'
And I get nothing....
So I thought about using the memberof overlay with it.
# ldapsearch -x uid=richard memberof
I get the static group through the memberof overlay but not the dynamic group. Am I missing something or am I trying to do something that's simply not possible?
Cheers.
Richard
Richard Pijnenburg wrote:
I've created a group with the dynlist overlay to create dynamic groups. Now I want to implement authentication with it but seem to be unable to search on it with nss-pam-lib or sssd.
You cannot search members of dynamic groups.
Therefore I wrote a script which maintains static groups by LDAP searches specified by LDAP URLs.
Ciao, Michael.
Michael Ströder wrote:
Richard Pijnenburg wrote:
I've created a group with the dynlist overlay to create dynamic groups. Now I want to implement authentication with it but seem to be unable to search on it with nss-pam-lib or sssd.
You cannot search members of dynamic groups.
Therefore I wrote a script which maintains static groups by LDAP searches specified by LDAP URLs.
If you're going to store the results in static groups anyway, just use the autogroup overlay.
On 2012-09-28 02:32, Howard Chu wrote:
Michael Ströder wrote:
Richard Pijnenburg wrote:
I've created a group with the dynlist overlay to create dynamic groups. Now I want to implement authentication with it but seem to be unable to search on it with nss-pam-lib or sssd.
You cannot search members of dynamic groups.
Therefore I wrote a script which maintains static groups by LDAP searches specified by LDAP URLs.
If you're going to store the results in static groups anyway, just use the autogroup overlay.
@Michael;
Thank you for your quick reply. Is there a way I can make a feature request (if it makes sense at all) to make that possible?
@Howard;
Do you have some more information regarding the autogroup overlay?
All I could find is this: http://www.openldap.org/devel//cvsweb.cgi/~checkout~/contrib/slapd-modules/a...
At the moment I'm running openldap-2.4.23.
Thank you very much.
Richard
openldap-technical@openldap.org
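
The approach described in the thread, keeping a static group in step with an LDAP URL so that clients can filter on member, sketched as an added example (it is not Michael's script and not the autogroup overlay). The directory contents, the users alice and bob, and the static group cn=prod-static are constructed or hypothetical; only base and sub scopes with the match-all filter are evaluated.

```python
from urllib.parse import unquote

BASE = "dc=ispavailability,dc=com"
PEOPLE = "ou=people," + BASE
STATIC = "cn=prod-static,ou=isp,ou=acl," + BASE  # hypothetical static group
URL = "ldap:///cn=sysadmin,ou=isp,ou=groups," + BASE + "?member?sub?"
DIRECTORY = {  # constructed entries standing in for LDAP search results
    "cn=sysadmin,ou=isp,ou=groups," + BASE: {"member": ["uid=richard," + PEOPLE, "uid=alice," + PEOPLE]},
    STATIC: {"member": ["uid=richard," + PEOPLE, "uid=bob," + PEOPLE]},
}

def parse_member_url(url):
    """Split an RFC 4516 LDAP URL into (base, attrs, scope, filter)."""
    if not url.startswith("ldap://"):
        raise ValueError("not an ldap URL")
    base, _, query = url[len("ldap://"):].partition("/")[2].partition("?")
    attrs, scope, filt = (query.split("?") + ["", "", ""])[:3]
    return (unquote(base), [a for a in attrs.split(",") if a],
            scope or "base", unquote(filt) or "(objectClass=*)")

def in_scope(dn, base, scope):
    """Naive base/sub scope test on DN strings (no escaped-comma handling)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or (scope == "sub" and dn.endswith("," + base))

def expand(url, directory):
    """Collect the named attributes (or the DNs) of the entries in scope."""
    base, attrs, scope, filt = parse_member_url(url)
    if scope not in ("base", "sub") or filt != "(objectClass=*)":
        raise NotImplementedError("example handles base/sub and match-all only")
    found = set()
    for dn, entry in directory.items():
        if in_scope(dn, base, scope):
            found |= {v for a in attrs for v in entry.get(a, [])} if attrs else {dn}
    return found

def plan_sync(group_dn, url, directory):
    """Return (to_add, to_delete) so the static group matches the URL."""
    want = expand(url, directory)
    have = set(directory[group_dn].get("member", []))
    return sorted(want - have), sorted(have - want)

def to_ldif(group_dn, add, delete):
    """Render the plan as an LDIF modify record for ldapmodify."""
    out = [f"dn: {group_dn}", "changetype: modify"]
    for op, vals in (("add", add), ("delete", delete)):
        if vals:
            out += [f"{op}: member"] + [f"member: {v}" for v in vals] + ["-"]
    return "\n".join(out)
```

The delete list matters as much as the add list when the group gates authentication: a member left behind in the static copy keeps access after being dropped from the source group.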