On 18.12.23 at 13:50, Christoph Pleger wrote:

Hello,
I am using OpenLDAP 2.5.13 from Debian and want to use the dynamic list overlay for replacing the memberOf overlay, but I cannot get it to work.
As I read in several places, I first imported dyngroup.ldif, then created an ldif to load the dynlist module and the dynlist schema, like this:

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: dynlist

dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcDynamicList
olcOverlay: {1}dynlist
olcDlAttrSet: groupOfURLs memberURL member

Then, I created a group with this ldif:

dn: cn=Group1,ou=groups,dc=cs,dc=tu-dortmund,dc=de
objectClass: groupOfURLs
cn: Group1
memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)

But although some of the users have employeeType=IT, I cannot get a user attribute memberOf or the like that says that, for example, ITuser1 is a member of Group1.
So, I tried another approach with dynlist that I read elsewhere:

dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcDynamicList
olcOverlay: {1}dynlist
olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames

But with this, I got an error message that memberOf@groupOfNames is unknown.
So, I have some questions:
1. Does dynlist work this way only in OpenLDAP 2.6?
2. If not, do I have to import additional overlay ldifs?
3. Do I have to load additional modules other than dynlist?
4. Do I have to set other overlay attributes for the dynlist overlay?
Regards Christoph

If you want to add a second olcDlAttrSet, do it this way:
-------------
dn: olcOverlay={1}dynlist,olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDlAttrSet
olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
-------------

On 20.12.23 at 10:16, Christoph Pleger wrote:

Hello,

> dn: olcOverlay={1}dynlist,olcDatabase={1}mdb,cn=config
> changetype: modify
> add: olcDlAttrSet
> olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames

For me, it is {0} dynlist, so I created dynlist2.ldif:

dn: olcOverlay={0}dynlist,olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDlAttrSet
olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames

Modified the AttrSet:
ldapmodify -Y EXTERNAL -H ldapi:/// -f dynlist2.ldif
This worked well.
Then, created it.ldif:

dn: cn=IT,ou=groups,dc=cs,dc=tu-dortmund,dc=de
objectClass: groupOfURLs
cn: IT
memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)

And added that:
/usr/bin/ldapadd -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -f it.ldif
Then added me as an IT user:

dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
homeDirectory: /home/pleger
uid: pleger
cn: Christoph Pleger
userPassword: MyPassword
gecos: Christoph Pleger,,,
uidNumber: 10000
gidNumber: 10000
sn: Pleger
givenName: Christoph
employeeType: IT

So far, so good. But then:

root@ldap:~/LDAP# ldapsearch -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -b "dc=cs,dc=tu-dortmund,dc=de" uid=pleger memberOf
# extended LDIF
#
# LDAPv3
# base <dc=cs,dc=tu-dortmund,dc=de> with scope subtree
# filter: uid=pleger00
# requesting: memberOf
#

# Christoph Pleger, people, cs.tu-dortmund.de
dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

So, no sign that I am member of group IT.
Regards Christoph

Stefan Kania wrote:

memberOf is an internal attribute; you must put a "+" at the end of your ldapsearch command.

On 20.12.23 at 14:34, Christoph Pleger wrote:

Hello,
no memberOf Attribute yet:

root@ldap:~/LDAP# ldapsearch -x -D "cn=admin,dc=cs,dc=tu-dortmund,dc=de" -y /usr/local/share/uadmd/conf.d/pwd.conf -b "dc=cs,dc=tu-dortmund,dc=de" uid=pleger +
# extended LDIF
#
# LDAPv3
# base <dc=cs,dc=tu-dortmund,dc=de> with scope subtree
# filter: uid=pleger
# requesting: +
#

# Christoph Pleger, people, cs.tu-dortmund.de
dn: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
structuralObjectClass: inetOrgPerson
entryUUID: c591d5be-3361-103e-8e4a-cfa0242b2e12
creatorsName: cn=admin,dc=cs,dc=tu-dortmund,dc=de
createTimestamp: 20231220085905Z
entryCSN: 20231220085905.057389Z#000000#000#000000
modifiersName: cn=admin,dc=cs,dc=tu-dortmund,dc=de
modifyTimestamp: 20231220085905Z
entryDN: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Do I have to load additional modules like refint, dyngroup or memberof?
Regards Christoph

Stefan Kania wrote:

Do you see your "dn" in the attribute "member" in your group "IT"? Or just the username?

On 20.12.23 at 14:34, Christoph Pleger wrote:
> Do I have to load additional modules like refint, dyngroup or memberof?

NO, you don't need any of these modules.

Hello,
the result of the search is:

# IT, groups, cs.tu-dortmund.de
dn: cn=IT,ou=groups,dc=cs,dc=tu-dortmund,dc=de
objectClass: groupOfURLs
cn: IT
memberURL: ldap:///dc=cs,dc=tu-dortmund,dc=de??sub?(employeeType=IT)
member: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de

Regards Christoph
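
An added illustration, not part of the thread and not slapd's code: a small Python model of the two results discussed above, the `member` values expanded from the group's `memberURL` and the reverse `memberOf` lookup for a user. The second user entry and all function names are constructed for the example; DN handling is simplified and only `(attr=value)` and `(attr=*)` filters are handled.

```python
import re
from urllib.parse import unquote

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_member_url(url):
    """Split an RFC 4516 LDAP URL into base DN, attributes, scope and filter."""
    m = re.match(r"^ldap://([^/]*)/(.*)$", url)
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    parts = (m.group(2).split("?") + [""] * 4)[:4]
    base, attrs, scope, filt = (unquote(p) for p in parts)
    return {"host": m.group(1), "base": base,
            "attrs": [a for a in attrs.split(",") if a],
            "scope": scope or "base",             # RFC 4516 default
            "filter": filt or "(objectClass=*)"}  # RFC 4516 default

def in_scope(dn, base, scope):
    """True if dn lies within base for scope base/one/sub."""
    dn, base = norm_dn(dn), norm_dn(base)
    if scope == "base":
        return dn == base
    if dn != base and not dn.endswith("," + base):
        return False
    if scope == "one":
        return dn != base and "," not in dn[:-len(base) - 1]
    return scope == "sub"

def matches(attrs, filt):
    """Evaluate a single equality or presence filter against one entry."""
    m = re.fullmatch(r"\(([A-Za-z][\w;-]*)=([^()]+)\)", filt)
    if not m or ("*" in m.group(2) and m.group(2) != "*"):
        raise ValueError("only (attr=value) and (attr=*) are handled: %r" % filt)
    name, wanted = m.group(1).lower(), m.group(2).lower()
    values = [v.lower() for k, vs in attrs.items() if k.lower() == name for v in vs]
    return bool(values) if wanted == "*" else wanted in values

def expand_members(group_attrs, directory, url_ad="memberURL"):
    """DNs selected by every memberURL value of one group entry."""
    members = []
    for url in group_attrs.get(url_ad, []):
        u = parse_member_url(url)
        for dn, attrs in directory.items():
            hit = in_scope(dn, u["base"], u["scope"]) and matches(attrs, u["filter"])
            if hit and dn not in members:
                members.append(dn)
    return members

def member_of(user_dn, directory, group_oc="groupOfURLs"):
    """Reverse lookup: DNs of the dynamic groups whose URLs select user_dn."""
    return [dn for dn, attrs in directory.items()
            if group_oc in attrs.get("objectClass", [])
            and user_dn in expand_members(attrs, directory)]

SUFFIX = "dc=cs,dc=tu-dortmund,dc=de"
IT_GROUP = "cn=IT,ou=groups," + SUFFIX
PLEGER = "cn=Christoph Pleger,ou=people," + SUFFIX
OTHER = "cn=Example User,ou=people," + SUFFIX  # constructed entry, not from the thread
DIRECTORY = {
    IT_GROUP: {"objectClass": ["groupOfURLs"], "cn": ["IT"],
               "memberURL": ["ldap:///%s??sub?(employeeType=IT)" % SUFFIX]},
    PLEGER: {"objectClass": ["inetOrgPerson"], "uid": ["pleger"],
             "employeeType": ["IT"]},
    OTHER: {"objectClass": ["inetOrgPerson"], "uid": ["example"],
            "employeeType": ["Staff"]},
}

if __name__ == "__main__":
    print("member:", expand_members(DIRECTORY[IT_GROUP], DIRECTORY))
    print("memberOf:", member_of(PLEGER, DIRECTORY))
```
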
openldap-technical@openldap.org