MemberOf attribute not being returned
Hi, I'm sure this was working in the past on this server but Im now not getting anything returned when I request the memberOf attribute. I compiled OpenLDAP 2.4.23 with the following flags: ./configure --prefix=/usr/local/authz --enable-meta --enable-ldap --enable-bdb --enable-monitor --enable-syncprov --enable-translucent --enable-memberof --enable-dyngroup --enable-dynlist --with-threads --with-tls --with-cyrus-sasl --enable-syslog --enable-spasswd cd make depend make make test make install I'm using slapd.d and I have the following in /usr/local/authz/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb olcOverlay={0}dynlist.ldif olcOverlay={1}memberof.ldif olcOverlay={2}syncprov.ldif The contents of olcOverlay\=\{1\}memberof.ldif are: dn: olcOverlay={1}memberof objectClass: olcOverlayConfig objectClass: olcMemberOf olcMemberOfDangling: ignore olcMemberOfRefInt: FALSE olcMemberOfGroupOC: posixGroup olcMemberOfMemberAD: member olcMemberOfMemberOfAD: memberOf structuralObjectClass: olcMemberOf entryUUID: 4d5a3aa8-fbac-45c9-b259-941d13e02724 creatorsName: cn=config createTimestamp: 20100318151149Z entryCSN: 20100318151149.488341Z#00#003#00 modifiersName: cn=config modifyTimestamp: 20100318151149Z olcOverlay: {1}memberof The log is attached. -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. openldap.log Description: Binary data Any ideas? The only thing I've changed recently is the ACLs Kind regards, Mark /* Mark Cairney ITI UNIX Section Information Services University of Edinburgh Tel: 0131 650 6565 Email: mark.cair...@ed.ac.uk */
RE: MemberOf attribute not being returned
Nevermind, I think I know what's happening. My user account was updated on our current live server running OpenLDAP 2.3 which doesn't have the MemberOf overlay. When this change was applied using syncrepl the memberOf field must have been removed. I'll take the old server out of the syncrepl but in the meantime is there any way to ensure this field is preserved when provisioning accounts in LDAP? Kind regards, Mark /* Mark Cairney ITI UNIX Section Information Services University of Edinburgh Tel: 0131 650 6565 Email: mark.cair...@ed.ac.uk */ -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
Re: MemberOf attribute not being returned
Mark Cairney wrote: Hi, I'm sure this was working in the past on this server but Im now not getting anything returned when I request the memberOf attribute. I compiled OpenLDAP 2.4.23 with the following flags: ./configure --prefix=/usr/local/authz --enable-meta --enable-ldap --enable-bdb --enable-monitor --enable-syncprov --enable-translucent --enable-memberof --enable-dyngroup --enable-dynlist --with-threads --with-tls --with-cyrus-sasl --enable-syslog --enable-spasswd cd make depend make make test make install I'm using slapd.d and I have the following in /usr/local/authz/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb olcOverlay={0}dynlist.ldif olcOverlay={1}memberof.ldif olcOverlay={2}syncprov.ldif The contents of olcOverlay\=\{1\}memberof.ldif are: You should not be poking or peeking at the files inside slapd.d. You should be using slapcat -n0 or ldapsearch -b cn=config to show the contents of the config database. As with other slapd databases, its structure and format are subject to change without notice at any time. The only thing guaranteed to remain compatible is the LDAP interfaces to the database. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Re: MemberOf attribute not being returned
Warning duly noted. Lessing the files in question seemed like the best way of providing a concise description of what configuration I had and where in the config it lay. As it stands I answered my question anyway. Kind regards, Mark On 27 Jan 2011, at 12:16, Howard Chu wrote: Mark Cairney wrote: Hi, I'm sure this was working in the past on this server but Im now not getting anything returned when I request the memberOf attribute. I compiled OpenLDAP 2.4.23 with the following flags: ./configure --prefix=/usr/local/authz --enable-meta --enable-ldap --enable-bdb --enable-monitor --enable-syncprov --enable-translucent --enable-memberof --enable-dyngroup --enable-dynlist --with-threads --with-tls --with-cyrus-sasl --enable-syslog --enable-spasswd cd make depend make make test make install I'm using slapd.d and I have the following in /usr/local/authz/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb olcOverlay={0}dynlist.ldif olcOverlay={1}memberof.ldif olcOverlay={2}syncprov.ldif The contents of olcOverlay\=\{1\}memberof.ldif are: You should not be poking or peeking at the files inside slapd.d. You should be using slapcat -n0 or ldapsearch -b cn=config to show the contents of the config database. As with other slapd databases, its structure and format are subject to change without notice at any time. The only thing guaranteed to remain compatible is the LDAP interfaces to the database. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ /* Mark Cairney ITI UNIX Section Information Services University of Edinburgh Tel: 0131 650 6565 Email: mark.cair...@ed.ac.uk */ -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.