3:13 a.m.
Dear Master.
Please help,
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap group
entry format.
example attribute :
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember:
uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
example filter :
example:
(&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as
attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
How can i use "memberof" filter format in my openLDAP?
Thank you very much.
iam sorry for my ambiguity.
3:24 a.m.
Andi Zulfadli wrote:
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap group
entry format.
example attribute :
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember:
uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
example filter :
example:
(&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as
attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.
You could add a custom attribute to your member entries and maintain this to
reflect all the group memberships. But I'd strongly recommend to not do it.
Ciao, Michael.
5:56 a.m.
Dear Mr. Michael
Thank you very much for your respond.
So, what your recommended ways that i have to do Sir?
Best regards,
2015-10-30 3:24 GMT-07:00 Michael Ströder <michael(a)stroeder.com>:
Andi Zulfadli wrote:
> What is the format for filter the member of group?
>
> we know that "memberof" format works in member attribute in openldap
group
> entry format.
>
> example attribute :
>
> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>
> *member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember:
> uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
> objectClass: groupOfNames
> description: tagGroup
> cn: Admins
> ou: Admins
>
> example filter :
> example:
> (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
>
> But how about if my openldap group member attribute using memberUid as
> attibute member's group.
>
> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>
>
> *memberUid: johnmemberUid: mary*objectClass: top
> objectClass: groupOfNames
> description: tagGroup
> cn: Admins
> ou: Admins
>
> How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax
attributes.
You could add a custom attribute to your member entries and maintain this
to
reflect all the group memberships. But I'd strongly recommend to not do it.
Ciao, Michael.
6:15 a.m.
Andi Zulfadli wrote:
Thank you very much for your respond.
So, what your recommended ways that i have to do Sir?
Use a hybrid group schema and use slapo-memberof.
Example 'aeGroup':
( 1.3.6.1.4.1.5427.1.389.100.6.1
NAME 'aeGroup'
DESC 'AE-DIR: Group entry'
SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
STRUCTURAL MUST description )
You can leave out "groupOfURLs $ aeObject".
You have to take care to keep 'member' and 'memberUID' in sync.
OpenLDAP's
slapo-constraint can be helpful for that too.
Ciao, Michael.
2015-10-30 3:24 GMT-07:00 Michael Ströder
<michael(a)stroeder.com>:
> Andi Zulfadli wrote:
>> What is the format for filter the member of group?
>>
>> we know that "memberof" format works in member attribute in openldap
> group
>> entry format.
>>
>> example attribute :
>>
>> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>>
>> *member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember:
>> uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
>> objectClass: groupOfNames
>> description: tagGroup
>> cn: Admins
>> ou: Admins
>>
>> example filter :
>> example:
>> (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
>>
>> But how about if my openldap group member attribute using memberUid as
>> attibute member's group.
>>
>> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>>
>>
>> *memberUid: johnmemberUid: mary*objectClass: top
>> objectClass: groupOfNames
>> description: tagGroup
>> cn: Admins
>> ou: Admins
>>
>> How can i use "memberof" filter format in my openLDAP?
>
> As slapo-memberof(5) clearly states: It works only with DN-syntax
> attributes.
>
> You could add a custom attribute to your member entries and maintain this
> to
> reflect all the group memberships. But I'd strongly recommend to not do it.
>
> Ciao, Michael.
>
>
>
--
Michael Ströder Klauprechtstr. 11
Dipl.-Inform. D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316 Mobil: +49 170 2391920
E-Mail: michael(a)stroeder.com http://www.stroeder.com
6:58 a.m.
Thank you very much sir.
I am still not clear about the solution. Sorry, because i am still study
about openldap structure.
Please can you help to give me more detailed explanation about
slapo-memberof or some article about that.
Thank you very much sir.
Best regards
2015-11-01 6:15 GMT-08:00 Michael Ströder <michael(a)stroeder.com>:
Andi Zulfadli wrote:
> Thank you very much for your respond.
>
> So, what your recommended ways that i have to do Sir?
Use a hybrid group schema and use slapo-memberof.
Example 'aeGroup':
( 1.3.6.1.4.1.5427.1.389.100.6.1
NAME 'aeGroup'
DESC 'AE-DIR: Group entry'
SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
STRUCTURAL MUST description )
You can leave out "groupOfURLs $ aeObject".
You have to take care to keep 'member' and 'memberUID' in sync.
OpenLDAP's
slapo-constraint can be helpful for that too.
Ciao, Michael.
> 2015-10-30 3:24 GMT-07:00 Michael Ströder <michael(a)stroeder.com>:
>
>> Andi Zulfadli wrote:
>>> What is the format for filter the member of group?
>>>
>>> we know that "memberof" format works in member attribute in
openldap
>> group
>>> entry format.
>>>
>>> example attribute :
>>>
>>> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>>>
>>> *member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember:
>>> uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
>>> objectClass: groupOfNames
>>> description: tagGroup
>>> cn: Admins
>>> ou: Admins
>>>
>>> example filter :
>>> example:
>>> (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
>>>
>>> But how about if my openldap group member attribute using memberUid as
>>> attibute member's group.
>>>
>>> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>>>
>>>
>>> *memberUid: johnmemberUid: mary*objectClass: top
>>> objectClass: groupOfNames
>>> description: tagGroup
>>> cn: Admins
>>> ou: Admins
>>>
>>> How can i use "memberof" filter format in my openLDAP?
>>
>> As slapo-memberof(5) clearly states: It works only with DN-syntax
>> attributes.
>>
>> You could add a custom attribute to your member entries and maintain
this
>> to
>> reflect all the group memberships. But I'd strongly recommend to not do
it.
>>
>> Ciao, Michael.
>>
>>
>>
>
--
Michael Ströder Klauprechtstr. 11
Dipl.-Inform. D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316 Mobil: +49 170 2391920
E-Mail: michael(a)stroeder.com http://www.stroeder.com
2773
days inactive
2776
days old
openldap-technical@openldap.org
4 comments
2 participants
participants (2)
-
Andi Zulfadli -
Michael Ströder