I was looking through the list archives, and a few weeks ago someone posted some
configurations for the memberOf overlay.  I modified the configurations
slightly and it looks like everything is installed (with no errors) and
working, but when I run an ldapsearch, it does not return the memberOf.  Below is
the install and configuration method.  Any guidance on what to change or error
logs to look at?

Thx Bill

##MY RESULTS##
server-1# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: uid=test1,ou=People,dc=example,dc=com

##INSTALL AND CONFIG##

sudo apt-get -y install slapd ldap-utils

cd /etc/ldap

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

sudo vi db.ldif

# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb
olcModuleload: {1}memberof.la

# Create the database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: password
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {1}memberof
structuralObjectClass: olcMemberOf

:wq!

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif

sudo slappasswd -h {MD5}

##note: 1234 = {MD5}gdyb21LQTcIANtvYMT7QVQ==

sudo vi base.ldif

dn: dc=example,dc=com
objectClass: dcObject
objectclass: organization
o: example.com
dc: example
description: My LDAP Root

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {MD5}gdyb21LQTcIANtvYMT7QVQ==
description: LDAP administrator

:wq!

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f base.ldif

sudo vi config.ldif

dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcRootDN

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {MD5}gdyb21LQTcIANtvYMT7QVQ==

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

:wq!

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif

sudo vi acl.ldif

dn: olcDatabase={1}hdb,cn=config
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
:wq!

sudo ldapmodify -x -D cn=admin,cn=config -W -f acl.ldif

#Add one group, add two users, place one user in group

ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
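An added example for checking a setup like the one above offline; it is not code from the original post. The overlay entry in db.ldif carries no olcMemberOf* attributes, so the defaults documented in slapo-memberof(5) apply: the overlay only maintains memberOf for entries of objectClass groupOfNames whose membership attribute is member. A group created as, say, posixGroup with memberUid is silently ignored, which produces exactly the symptom described: no error and no memberOf. The script below parses the config and data LDIF, works out the overlay's effective group objectClass and member attribute, and reports group entries the overlay would never touch. The group DNs and attribute values in CONFIG_LDIF and DATA_LDIF are constructed sample data; the parser is a minimal one written for this example, not python-ldap.

```python
#!/usr/bin/env python3
"""Offline check for a slapo-memberof setup, built from LDIF text.

Added example, not part of the original post. The memberOf overlay only
maintains memberOf on group entries whose objectClass and membership
attribute match its configuration; when the overlay entry carries no
olcMemberOf* attributes, the slapo-memberof(5) defaults apply:
groupOfNames / member / memberOf.
"""
import base64

# Documented defaults of the overlay (keys lowercased, as the parser stores them).
OVERLAY_DEFAULTS = {
    "olcmemberofgroupoc": "groupOfNames",
    "olcmemberofmemberad": "member",
    "olcmemberofmemberofad": "memberOf",
}


def parse_ldif(text):
    """Parse LDIF into a list of entries: {attr.lower(): [values...]}.

    Handles folded lines (leading space), '#' comments and base64 ('::')."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]        # continuation of the previous line
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:           # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):          # attr:: <base64>
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def overlay_settings(config_entries):
    """Effective memberOf settings: explicit olcMemberOf* values, else defaults."""
    settings = dict(OVERLAY_DEFAULTS)
    for entry in config_entries:
        if "olcmemberof" in [oc.lower() for oc in entry.get("objectclass", [])]:
            for key in OVERLAY_DEFAULTS:
                if key in entry:
                    settings[key] = entry[key][0]
    return settings


def check_groups(config_ldif, data_ldif):
    """Return [(dn, reason)] for group entries the overlay would not track."""
    settings = overlay_settings(parse_ldif(config_ldif))
    group_oc = settings["olcmemberofgroupoc"].lower()
    member_ad = settings["olcmemberofmemberad"].lower()
    problems = []
    for entry in parse_ldif(data_ldif):
        ocs = [oc.lower() for oc in entry.get("objectclass", [])]
        # Heuristic: anything with a group-ish objectClass or a membership attribute.
        is_group = any("group" in oc for oc in ocs) or any(
            attr in entry for attr in ("member", "uniquemember", "memberuid"))
        if not is_group:
            continue
        dn = entry.get("dn", ["<no dn>"])[0]
        if group_oc not in ocs:
            problems.append((dn, "objectClass %s missing" % settings["olcmemberofgroupoc"]))
        elif member_ad not in entry:
            problems.append((dn, "no %s attribute" % settings["olcmemberofmemberad"]))
    return problems


# Constructed sample input: an overlay entry with no explicit settings ...
CONFIG_LDIF = """\
dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {1}memberof
"""

# ... and two constructed groups: one posixGroup, one groupOfNames.
DATA_LDIF = """\
dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
gidNumber: 5000
memberUid: test1

dn: cn=admins,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: admins
member: uid=test1,ou=People,dc=example,dc=com
"""

if __name__ == "__main__":
    for dn, reason in check_groups(CONFIG_LDIF, DATA_LDIF):
        print("memberOf will ignore %s: %s" % (dn, reason))
```

Run against a real server, the inputs would come from `slapcat -n 0` (the config database) and `slapcat -n 1` (the data), both of which emit LDIF this parser accepts. Also keep in mind that the overlay only acts on writes that happen after it is loaded: groups that already existed before the overlay entry was added get no memberOf until their membership is modified again.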

 
                                          