Hi,
I'm planning on deploying the memberof overlay feature in our OpenLDAP v2.3 directory and I'd like to get some practical advice on this. So far, I've done some testing in my test environment. I've added an overlay directive in slapd.conf:
overlay memberof
and imported group info to populate data. memberof queries appear to be working fine.
Is there something else I should consider in addition?
What would be the best way to get the memberof attribute values populated in the production database? Should I reimport all the data? What would be the best way for doing that? Or is it possible to somehow get the attribute values populated without reimporting?
marko
--On Monday, November 28, 2011 8:02 PM +0000 Asplund Marko marko.asplund@ixonos.com wrote:
> Hi,
> I'm planning on deploying the memberof overlay feature in our OpenLDAP v2.3 directory and I'd like to get some practical advice on this. So far, I've done some testing in my test environment. I've added an overlay directive in slapd.conf:
My practical advice would start with running a supported version of OpenLDAP. There are 15 fixes listed to the memberof overlay in the 2.4 series alone.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Hi,
Thanks for the tip. I'll update the server.
Any advice concerning the configuration?
How would you recommend getting memberof values populated in the existing directory?
marko
--On Wednesday, November 30, 2011 12:25 PM +0000 Asplund Marko marko.asplund@ixonos.com wrote:
> Hi,
> Thanks for the tip. I'll update the server.
> Any advice concerning the configuration?
> How would you recommend getting memberof values populated in the existing directory?
I don't use memberOf, so I can't comment further.
--Quanah
> Any advice concerning the configuration?
Hi, the configuration is pretty straightforward. This is mine:
overlay memberof
memberof-group-oc groupOfNames
memberof-member-ad member
memberof-memberof-ad memberOf
memberof-dn cn=Manager,dc=my_base_dn
memberof-dangling ignore
memberof-dangling-error 80
memberof-refint FALSE

> How would you recommend getting memberof values populated in the existing directory?

If you can afford a sequence of stop -> slapcat -> drop db -> slapadd, everything gets populated as desired.
I can help if you are concerned to understand why I chose these parameters.
Remember that in dealing with overlays, order matters! So be careful in the order you choose in instantiating them.
Regards
Marco
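An offline consistency check for the population question discussed above, as an added example that is not part of the thread or of OpenLDAP: it reads an LDIF export that includes memberOf and lists group members whose entries lack the matching value. The function names and the sample LDIF are constructed; the defaults mirror the groupOfNames/member/memberOf settings in the configuration above, and it assumes plain (non-base64) attribute values.

```python
from collections import defaultdict

# Constructed sample export (not from the thread): only alice carries the
# memberOf value that the overlay is expected to maintain for cn=admins.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,
 dc=example,dc=com

dn: uid=alice,ou=people,dc=example,dc=com
memberOf: cn=admins,ou=groups,dc=example,dc=com

dn: uid=bob,ou=people,dc=example,dc=com
"""

def norm(dn):
    # Simplified DN normalisation (assumption): lowercase, trim around commas.
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalised dn: {attr_lower: [values]}}; unfolds continuation
    lines. Base64 ("attr::") values are not decoded in this example."""
    entries = {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs[name.lower()].append(value.strip())
        if attrs["dn"]:
            entries[norm(attrs["dn"][0])] = attrs
    return entries

def missing_memberof(text, group_oc="groupOfNames", member_ad="member", memberof_ad="memberOf"):
    """Return sorted (member_dn, group_dn) pairs where the member entry lacks memberOf."""
    entries, missing = parse_ldif(text), []
    for group_dn, attrs in entries.items():
        if group_oc.lower() not in [v.lower() for v in attrs["objectclass"]]:
            continue
        for member in map(norm, attrs[member_ad.lower()]):
            # Members with no entry in the export (dangling) are skipped.
            if member in entries and group_dn not in {norm(v) for v in entries[member][memberof_ad.lower()]}:
                missing.append((member, group_dn))
    return sorted(missing)

if __name__ == "__main__":
    print(missing_memberof(SAMPLE_LDIF))
```

An empty result means every member entry present in the export carries a memberOf value for each group that lists it.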
2011/11/28 Asplund Marko marko.asplund@ixonos.com
> Hi,
> I'm planning on deploying the memberof overlay feature in our OpenLDAP v2.3 directory and I'd like to get some practical advice on this. So far, I've done some testing in my test environment. I've added an overlay directive in slapd.conf:
> overlay memberof
> and imported group info to populate data. memberof queries appear to be working fine.
> Is there something else I should consider in addition?
> What would be the best way to get the memberof attribute values populated in the production database? Should I reimport all the data? What would be the best way for doing that? Or is it possible to somehow get the attribute values populated without reimporting?
> marko
Hi Marko,
It's been a long time since I last played with this overlay. But as far as I can remember, values of memberof attributes could not be used in a search filter.
To the list: is it possible now in the latest 2.4 version?
Regards, Thomas.
2011/12/6 Michael Ströder michael@stroeder.com
> Thomas Chemineau wrote:
>> It's been a long time since I last played with this overlay. But as far as I can remember, values of memberof attributes could not be used in a search filter.
>
> Of course you can search with (memberOf=<group DN>) for group member entries.
>
> Ciao, Michael.
Thank you Michael, I confused it with the dynlist overlay. I apologize for the noise.
Regards, Thomas.
openldap-technical@openldap.org