Running OpenLDAP: slapd 2.4.23. My server currently returns memberOf info only when directly queried using memberOf. Is there a way to allow a base uid=me ldapsearch to return group memberships without specifying the memberOf?
ldapsearch -x -h someserver.test.net -W -D cn=someuser,dc=test,dc=net -b dc=test,dc=net uid=me versus ldapsearch -x -h someserver.test.net -W -D cn=someuser,dc=test,dc=net -b dc=test,dc=net uid=me memberOf
Here is the result of memberOf query:
# extended LDIF # # LDAPv3 # base <dc=test,dc=net> with scope subtree # filter: uid=me # requesting: memberOf #
# me, test.net dn: uid=me,dc=test,dc=net memberOf: cn=agroup,dc=test,dc=net
On Tue, 6 Sep 2011, Chris Jackson wrote:
Running OpenLDAP: slapd 2.4.23. My server currently returns memberOf info only when directly queried using memberOf. Is there a way to allow a base uid=me ldapsearch to return group memberships without specifying the memberOf?
See the attribute definition in servers/slapd/overlays/memberof.c:
"USAGE dSAOperation " /* added; questioned */
I don't personally recall the "questioned" dialogue. Perhaps you can find that searching through list archives and/or the ITS. However, so long as its an operational attribute, it's not going to come up in a standard search. (So perhaps you could remove this line from the schema, obviously at your own risk.)
openldap-technical@openldap.org
-
Aaron Richton -
Chris Jackson