Thanks for the answer, Michael!
My slapd.conf is attached.
I followed precisely the tip that you gave me at the link below:
http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance
When I run: *ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b
dc=my,dc=company,dc=br memberOf*
it only shows me: *dn: uid=test1,ou=People,dc=my,dc=company,dc=br*
It does not show *memberOf: cn=testgroup,ou=Group,dc=my,dc=company,dc=br*
Have I forgotten something?
On Sun, Sep 18, 2016 at 7:26 AM, Michael Ströder <[email protected]>
wrote:
> Elias Pereira wrote:
> > For a new group that I create, memberof is set automatically, ok?
>
> slapo-memberof intercepts write operations to group entries and updates
> member
> entries at that time.
>
> Note that the member entry must exist of course for this to succeed.
>
> Also note that you have to run slapo-memberof on all replicas because
> attribute
> 'memberOf' is *not* replicated.
>
> > But the groups that I already have on my base. How would I do to "enable"
> > the memberof option?
>
> Modify the group entry.
>
> > Ldap accou manager maybe do that?
>
> Client tools should not muck with attribute 'memberOf' (unless you're 200%
> sure
> what you're doing).
>
> Ciao, Michael.
>
>
--
Elias Pereira
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files pulled into this configuration.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/eduperson.schema
include /etc/ldap/schema/breduperson.0.0.6.schema
include /etc/ldap/schema/schac-20061212-1.3.0
# NOTE(review): -1 enables every log level. That is useful while debugging,
# but the resulting logs are very large and may include request and packet
# detail, so protect the log files and lower the level once troubleshooting
# is done.
loglevel -1
# NOTE(review): the directory is spelled "sldapd" in both paths below -
# confirm that this is intended and that the directory exists.
pidfile /var/run/sldapd/slapd.pid
argsfile /var/run/sldapd/slapd.args
# NOTE(review): -1 removes the cap on the number of entries a search may
# return. Together with the "by * read" access rules further down, a single
# search can return every readable entry; consider a finite limit.
sizelimit -1
# Load dynamic backend modules:
modulepath /usr/lib/ldap
moduleload back_bdb.la
# Loads the slapo-memberof module only; the overlay itself is attached by the
# "overlay memberof" line at the end of this file.
moduleload memberof.la
#######################################################################
# BDB database definitions
#######################################################################
# Start of the database section: the directives that follow configure this
# backend.
# NOTE(review): back-bdb is deprecated in favour of back-mdb in later OpenLDAP
# releases - confirm against the installed version.
database bdb
suffix "dc=poa,dc=ifrs,dc=edu,dc=br"
# The rootdn is not subject to the access rules defined below.
rootdn "cn=Manager,dc=poa,dc=ifrs,dc=edu,dc=br"
# NOTE(review): this hash has left the server (it is part of a file shared on
# a mailing list). {SSHA} is salted SHA-1 and can be attacked offline, so
# treat the rootdn password as exposed: change it, and redact rootpw before
# sharing the configuration again.
rootpw {SSHA}rAQpM6QYNGr0R/5X4qg4GgPaJvIFs/H0
directory /var/lib/ldap
#######################################################################
# SSL:
# Security certificates
# NOTE(review): all three TLS directives are commented out, so this file
# configures no server certificate. Unless TLS is set up elsewhere, simple
# binds over ldap:// send passwords in clear text; the ldapi:/// socket used
# for local administration is not affected.
#TLSCACertificateFile /etc/ldap/certs/poa.cert
#TLSCertificateFile /etc/ldap/certs/poa.crt
#TLSCertificateKeyFile /etc/ldap/certs/poa.key
########## User Permissions #####################################
# Access rules are evaluated in the order written; the first "access to"
# clause that matches the entry/attribute decides, so the broad subtree rule
# must stay last.
# NOTE(review): slapd.conf treats a line as a continuation only when it begins
# with whitespace. The "attrs=" and "by" lines below appear at column 0,
# presumably because indentation was lost when the file was pasted - confirm
# against the file on the server.
#access to *
# by dn.base="cn=replicador,dc=poa,dc=ifrs,dc=edu,dc=br" read
# by * break
# Password and Samba hash attributes: writable by Manager and by the entry
# owner; everyone else may only use them to authenticate (no read).
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by dn="cn=Manager,dc=poa,dc=ifrs,dc=edu,dc=br" write
by self write
by * auth
# People entries: Manager writes, everyone (including anonymous) reads.
access to dn.children="ou=People,dc=poa,dc=ifrs,dc=edu,dc=br"
attrs=objectClass,sambaSamAccount
by dn="cn=Manager,dc=poa,dc=ifrs,dc=edu,dc=br" write
by * read
# Group entries: Manager writes, everyone reads the listed attributes.
access to dn.children="ou=Groups,dc=poa,dc=ifrs,dc=edu,dc=br"
attrs=description,sambaSID,sambaGroupType,displayName,objectClass,cn
by dn="cn=Manager,dc=poa,dc=ifrs,dc=edu,dc=br" write
by * read
# Computer accounts: Manager writes, everyone reads.
access to dn.children="ou=Computers,dc=poa,dc=ifrs,dc=edu,dc=br"
attrs=objectClass,sambaSamAccount
by dn="cn=Manager,dc=poa,dc=ifrs,dc=edu,dc=br" write
by * read
# Idmap entries: Manager writes, everyone reads.
access to dn.children="ou=Idmap,dc=poa,dc=ifrs,dc=edu,dc=br"
by dn="cn=Manager,dc=poa,dc=ifrs,dc=edu,dc=br" write
by * read
# Catch-all for the whole suffix.
# NOTE(review): "by * read" includes anonymous clients, so every attribute not
# matched by the password rule above (memberOf included) is readable without
# authentication. If that is not intended, replace "*" with "users" here and
# in the rules above.
access to dn.subtree="dc=poa,dc=ifrs,dc=edu,dc=br"
by dn="cn=Manager,dc=poa,dc=ifrs,dc=edu,dc=br" write
by * read
######################################################################
# Replication configuration for the Reitoria (rectorate)
######################################################################
# The whole replication section is commented out, so this server is not
# configured as a syncrepl provider here.
# uniquely identifies this server for PoA:
#ServerID 051
# load the module
#moduleload syncprov
# syncprov specific indexing (add others as required)
#index entryCSN eq
#index entryUUID eq
# Synchronization type
#overlay syncprov
# Force synchronization every 100 writes, or every 10 minutes
#syncprov-checkpoint 100 10
# Keep a record of the last 100 synchronized entries
#syncprov-sessionlog 100
################ END OF REPLICATION #####################################
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
# Attaches slapo-memberof to the bdb database defined above, with no
# memberof-* options, i.e. the overlay's defaults.
# The overlay updates memberOf only when a group entry is written, so groups
# that existed before it was enabled have to be modified (or re-added) before
# their members show the attribute. memberOf is not replicated, so every
# replica needs the overlay too, and applications that base authorization on
# memberOf should take both points into account.
# NOTE(review): by default the overlay tracks groupOfNames entries and their
# DN-valued "member" attribute. The memberUID index above suggests the groups
# may be posixGroup entries, which the defaults would not cover - confirm the
# objectClass of the group being tested.
overlay memberof