MemberOf attribute not being returned

2011-01-27 Thread Mark Cairney
Hi,

I'm sure this was working in the past on this server but I'm now not getting 
anything returned when I request the memberOf attribute.

I compiled OpenLDAP 2.4.23 with the following flags:

./configure --prefix=/usr/local/authz --enable-meta --enable-ldap --enable-bdb \
  --enable-monitor --enable-syncprov --enable-translucent --enable-memberof \
  --enable-dyngroup --enable-dynlist --with-threads --with-tls --with-cyrus-sasl \
  --enable-syslog --enable-spasswd
cd
make depend
make
make test
make install

I'm using slapd.d and I have the following in 
/usr/local/authz/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb

olcOverlay={0}dynlist.ldif
olcOverlay={1}memberof.ldif
olcOverlay={2}syncprov.ldif

The contents of olcOverlay\=\{1\}memberof.ldif are:

dn: olcOverlay={1}memberof
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcMemberOfDangling: ignore
olcMemberOfRefInt: FALSE
olcMemberOfGroupOC: posixGroup
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
structuralObjectClass: olcMemberOf
entryUUID: 4d5a3aa8-fbac-45c9-b259-941d13e02724
creatorsName: cn=config
createTimestamp: 20100318151149Z
entryCSN: 20100318151149.488341Z#00#003#00
modifiersName: cn=config
modifyTimestamp: 20100318151149Z
olcOverlay: {1}memberof


The log is attached.

-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.





Any ideas? The only thing I've changed recently is the ACLs.

Kind regards,

Mark

/* 
Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email: mark.cair...@ed.ac.uk

*/



RE: MemberOf attribute not being returned

2011-01-27 Thread Mark Cairney
Never mind, I think I know what's happening. My user account was updated on our 
current live server running OpenLDAP 2.3 which doesn't have the MemberOf 
overlay.

When this change was applied using syncrepl the memberOf field must have been 
removed.

I'll take the old server out of the syncrepl but in the meantime is there any 
way to ensure this field is preserved when provisioning accounts in LDAP?

Kind regards,

Mark



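An added example, not part of the thread: one way to detect the situation described in the message above, where user entries have lost memberOf values although the groups still list them as members. It reads LDIF text such as slapcat output; the sample data, the example.org DNs and the function names are constructed for illustration, and the attribute names default to the ones in the overlay configuration shown earlier.

```python
from collections import defaultdict

# Constructed sample in LDIF form (not data from the thread): bob has lost memberOf.
SAMPLE_LDIF = """\
dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=org
member: uid=bob,ou=people,dc=example,dc=org

dn: uid=alice,ou=people,dc=example,dc=org
memberOf: cn=staff,ou=groups,dc=example,dc=org

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
"""

def norm(dn):
    """Crude DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalised dn: {lower-cased attr: [values]}}; base64 (::) values are not decoded."""
    entries = {}
    unfolded = text.replace("\n ", "")  # a leading space marks a folded line
    for block in unfolded.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            attrs[name.lower()].append(value.strip())
        if "dn" in attrs:
            entries[norm(attrs["dn"][0])] = attrs
    return entries

def missing_memberof(entries, member_ad="member", memberof_ad="memberOf"):
    """Map each member DN to the groups that list it but are absent from its memberOf."""
    gaps = defaultdict(list)
    for group_dn, attrs in entries.items():
        for member in map(norm, attrs.get(member_ad.lower(), [])):
            user = entries.get(member)
            if user is None:
                continue  # dangling member value, nothing to compare against
            have = {norm(v) for v in user.get(memberof_ad.lower(), [])}
            if group_dn not in have:
                gaps[member].append(group_dn)
    return dict(gaps)

if __name__ == "__main__":
    print(missing_memberof(parse_ldif(SAMPLE_LDIF)))
```

Run it against a dump from each server after a replication change; any DN it reports is an account whose group-based authorisation would be evaluated without those groups.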

Re: MemberOf attribute not being returned

2011-01-27 Thread Howard Chu

Mark Cairney wrote:

> Hi,
>
> I'm sure this was working in the past on this server but I'm now not getting 
> anything returned when I request the memberOf attribute.
>
> I compiled OpenLDAP 2.4.23 with the following flags:
>
> ./configure --prefix=/usr/local/authz --enable-meta --enable-ldap --enable-bdb 
> --enable-monitor --enable-syncprov --enable-translucent --enable-memberof 
> --enable-dyngroup --enable-dynlist --with-threads --with-tls --with-cyrus-sasl 
> --enable-syslog --enable-spasswd cd  make depend make make test make install
>
> I'm using slapd.d and I have the following in 
> /usr/local/authz/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb
>
> olcOverlay={0}dynlist.ldif
> olcOverlay={1}memberof.ldif
> olcOverlay={2}syncprov.ldif
>
> The contents of olcOverlay\=\{1\}memberof.ldif are:


You should not be poking or peeking at the files inside slapd.d. You should be 
using slapcat -n0 or ldapsearch -b cn=config to show the contents of the 
config database. As with other slapd databases, its structure and format are 
subject to change without notice at any time. The only thing guaranteed to 
remain compatible is the LDAP interfaces to the database.


--
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: MemberOf attribute not being returned

2011-01-27 Thread Mark Cairney
Warning duly noted. Lessing the files in question seemed like the best way of 
providing a concise description of what configuration I had and where in the 
config it lay.
As it stands I answered my question anyway.

Kind regards,

Mark

On 27 Jan 2011, at 12:16, Howard Chu wrote:

> Mark Cairney wrote:
>> Hi,
>>
>> I'm sure this was working in the past on this server but I'm now not getting 
>> anything returned when I request the memberOf attribute.
>>
>> I compiled OpenLDAP 2.4.23 with the following flags:
>>
>> ./configure --prefix=/usr/local/authz --enable-meta --enable-ldap 
>> --enable-bdb --enable-monitor --enable-syncprov --enable-translucent 
>> --enable-memberof --enable-dyngroup --enable-dynlist --with-threads 
>> --with-tls --with-cyrus-sasl --enable-syslog --enable-spasswd cd  make 
>> depend make make test make install
>>
>> I'm using slapd.d and I have the following in 
>> /usr/local/authz/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb
>>
>> olcOverlay={0}dynlist.ldif
>> olcOverlay={1}memberof.ldif
>> olcOverlay={2}syncprov.ldif
>>
>> The contents of olcOverlay\=\{1\}memberof.ldif are:
>
> You should not be poking or peeking at the files inside slapd.d. You should 
> be using slapcat -n0 or ldapsearch -b cn=config to show the contents of 
> the config database. As with other slapd databases, its structure and format 
> are subject to change without notice at any time. The only thing guaranteed 
> to remain compatible is the LDAP interfaces to the database.
>
> -- 
>   -- Howard Chu
>   CTO, Symas Corp.   http://www.symas.com
>   Director, Highland Sun http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
