Le 05/04/2019 à 19:18, Martin Pittamitz a écrit :
> On 05/04/2019 16:33, Clément OUDOT wrote:
>>
>>
>> Le 05/04/2019 à 10:36, Olivier - a écrit :
>>> Hi all,
>>>
>>
>> Hello,
>>
>>
>>> I'm testing static group and dynamic group.
>>>
>>> * Dynmaic group : is it possible to do reverse search in dynamic
>>> group ? I reead something about the "ismemberof" attribute and
>>> /ds-virtual-static-group/. But i'm not sure we can do it with
>>> openldap
>>>
>>
>> Not with dynlist overlay, but you could try autogroup overlay with
>> memberof overlay. The autogroup overlay will build static groups
>> trough a memberUrl.
>>
>>
>>
>>> *
>>>
>>>
>>>
>>>
>>> * Static group seems to be fine for me. I have a newbie's question :
>>> can we have , for example, the mail attribute of all members of
>>> service Y in only one request ?
>>> I mean : make a request on service Y to have member's list and ,
>>> in the same action , have the member's mail.
>>>
>>
>> You could do it by using the "deref" search extended control.
>>
>>
>>
>> --
>> Clément Oudot | Identity Solutions Manager
>>
>> [email protected]
>>
>> Worteks | https://www.worteks.com
>
> Hi,
>
>
> I have implemented a setup like that ("autogroup" and "memberof"
> overlay, modified dynlist schema to include "member" attribute).
>
>
> Everything is working, except for the memberOf attribute in
> combination with autogroup and a groupOfURLs.
>
>
> E.g. I can list all the members of an autogroup fine if I search for
> the group, but if I request the memberOf for a certain uid, only the
> non-autogroup groups are returned.
>
>
> According to the bits of documentation I could find, everything should
> be setup correctly, but the memberOf is never set for autogroups.
>
>
> From #openldap I got the information that this should be working,
> theoretically, ... see this thread, which describes exactly my use
> case with the same problems surfacing:
>
> http://www.openldap.org/lists/openldap-bugs/201407/msg00040.html
>
>
> Any insights on this?
>
Hello,
it seems to work if you set memberOf overlay after autogroup overlay:
dn: olcOverlay={9}autogroup,olcDatabase={1}mdb,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcAutomaticGroups
objectClass: olcOverlayConfig
olcOverlay: {9}autogroup
olcAGattrSet: {0}groupOfURLs memberURL member
dn: olcOverlay={10}memberof,olcDatabase={1}mdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {10}memberof
olcMemberOfGroupOC: groupOfURLs
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
--
Clément Oudot | Identity Solutions Manager
[email protected]
Worteks | https://www.worteks.com
