Dear Master.
Please help,
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap group entry format.
example attribute :
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember: uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
example filter : example: (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
How can i use "memberof" filter format in my openLDAP?
Thank you very much. iam sorry for my ambiguity.
Andi Zulfadli wrote:
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap group entry format.
example attribute :
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember: uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
example filter : example: (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.
You could add a custom attribute to your member entries and maintain this to reflect all the group memberships. But I'd strongly recommend to not do it.
Ciao, Michael.
Dear Mr. Michael
Thank you very much for your respond.
So, what your recommended ways that i have to do Sir?
Best regards,
2015-10-30 3:24 GMT-07:00 Michael Ströder michael@stroeder.com:
Andi Zulfadli wrote:
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap
group
entry format.
example attribute :
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember: uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
example filter : example: (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.
You could add a custom attribute to your member entries and maintain this to reflect all the group memberships. But I'd strongly recommend to not do it.
Ciao, Michael.
Andi Zulfadli wrote:
Thank you very much for your respond.
So, what your recommended ways that i have to do Sir?
Use a hybrid group schema and use slapo-memberof.
Example 'aeGroup':
( 1.3.6.1.4.1.5427.1.389.100.6.1 NAME 'aeGroup' DESC 'AE-DIR: Group entry' SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject ) STRUCTURAL MUST description )
You can leave out "groupOfURLs $ aeObject".
You have to take care to keep 'member' and 'memberUID' in sync. OpenLDAP's slapo-constraint can be helpful for that too.
Ciao, Michael.
2015-10-30 3:24 GMT-07:00 Michael Ströder michael@stroeder.com:
Andi Zulfadli wrote:
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap
group
entry format.
example attribute :
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember: uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
example filter : example: (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.
You could add a custom attribute to your member entries and maintain this to reflect all the group memberships. But I'd strongly recommend to not do it.
Ciao, Michael.
-- Michael Ströder Klauprechtstr. 11 Dipl.-Inform. D-76137 Karlsruhe, Germany Tel.: +49 721 8304316 Mobil: +49 170 2391920 E-Mail: michael@stroeder.com http://www.stroeder.com
Thank you very much sir.
I am still not clear about the solution. Sorry, because i am still study about openldap structure.
Please can you help to give me more detailed explanation about slapo-memberof or some article about that.
Thank you very much sir. Best regards
2015-11-01 6:15 GMT-08:00 Michael Ströder michael@stroeder.com:
Andi Zulfadli wrote:
Thank you very much for your respond.
So, what your recommended ways that i have to do Sir?
Use a hybrid group schema and use slapo-memberof.
Example 'aeGroup':
( 1.3.6.1.4.1.5427.1.389.100.6.1 NAME 'aeGroup' DESC 'AE-DIR: Group entry' SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject ) STRUCTURAL MUST description )
You can leave out "groupOfURLs $ aeObject".
You have to take care to keep 'member' and 'memberUID' in sync. OpenLDAP's slapo-constraint can be helpful for that too.
Ciao, Michael.
2015-10-30 3:24 GMT-07:00 Michael Ströder michael@stroeder.com:
Andi Zulfadli wrote:
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap
group
entry format.
example attribute :
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember: uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
example filter : example: (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top objectClass: groupOfNames description: tagGroup cn: Admins ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.
You could add a custom attribute to your member entries and maintain
this
to reflect all the group memberships. But I'd strongly recommend to not do
it.
Ciao, Michael.
-- Michael Ströder Klauprechtstr. 11 Dipl.-Inform. D-76137 Karlsruhe, Germany Tel.: +49 721 8304316 Mobil: +49 170 2391920 E-Mail: michael@stroeder.com http://www.stroeder.com
openldap-technical@openldap.org
-
Andi Zulfadli -
Michael Ströder