Am 16.03.23 um 16:36 schrieb Ondřej Kuzník:
On Thu, Mar 16, 2023 at 03:22:25PM +0100, Andreas Ladanyi wrote:
Hi,
i changed my config a bit but it doesnt work.
i dont have a dynamic group. Yes i configured a dynamic list. We want to add
the memberOf attribute to user entries.
We have static groups with objectclass "groupofnames" which contain the DN
of users with attribute "member=uid=name,............"
The user entries contain the attribute
labeledURI=ldap:///BASE_DN?entryDN?sub?(&(objectClass=groupOfNames)(member=uid=name,..........))
So the DNs of all the static groupofname groups which a user is a member of
should be returned by the dynlist URI expansion.
The dynlist modul should map the entryDNs of the expansion to memberOf and
the memberOf attribute should be delivered with the user entry output when
ldapsearch:
dynlist-attrset labeledURIObject labeledURI memberOf:entryDN
ldapsearch -H ldap://LDAP_Server -s sub -b BASE_DN '(|(uid=username))'
memberOf
ldapsearch with no result.
Hi,
Hi,
is there a reason you don't just follow what the dynlist manpage says
for static groups?
e.g.
dynlist-attrset groupOfURLs memberURL member+memberOf@groupOfNames
dynlist-attrset labeledURIObject labeledURI memberOf+member@groupOfNames
works
That way you can get rid of having to set labeledURI on each of the
users as well...
No, i cant. I tried out. Without labeledURI attribute for each user
ldapsearch doesnt result the memberOf attributs of the user entity with
this ldapsearch call:
ldapsearch -H ldap://LDAP_Server -s sub -b BASE_DN '(uid=username)'
memberOf
The labeledURI attribute is:
labeledURI=ldap:///BASE_DN??sub?(&(objectClass=groupOfNames)(member=uid=name,..........))
The attrs part is absent.
Searching to memberOf doesnt work.
ldapsearch -H ldap://LDAP_Server -s sub -b BASE_DN
'(memberOf=cn=groupname,ou=groupOfNames,dc=.............)' doesnt result
anything.
entryDN is set to "read" for *.
