I was looking through list archives and a few weeks ago, someone posted some configurations for the memberOf overlay. I modified the configurations slightly and it looks like everything is installed (with no errors) and working, but when I run an ldapsearch, it does not return the memberOf. Below is the install and configuration method. Any guidance on what to change or error logs to look at?

Thx
Bill

##MY RESULTS##

server-1# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: uid=test1,ou=People,dc=example,dc=com

##INSTALL AND CONFIG##

sudo apt-get -y install slapd ldap-utils
cd /etc/ldap
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

sudo vi db.ldif

# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module {0}
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb
olcModuleload: {1}memberof.la

# Create the database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: password
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {1}memberof
structuralObjectClass: olcMemberOf

:wq!
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif

sudo slappasswd -h {MD5}
##note: 1234 = {MD5}gdyb21LQTcIANtvYMT7QVQ==

sudo vi base.ldif

dn: dc=example,dc=com
objectClass: dcObject
objectclass: organization
o: example.com
dc: example
description: My LDAP Root

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {MD5}gdyb21LQTcIANtvYMT7QVQ==
description: LDAP administrator

:wq!

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f base.ldif

sudo vi config.ldif

dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcRootDN

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {MD5}gdyb21LQTcIANtvYMT7QVQ==

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

:wq!

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif

sudo vi acl.ldif

dn: olcDatabase={1}hdb,cn=config
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read

:wq!

sudo ldapmodify -x -D cn=admin,cn=config -W -f acl.ldif

#Add one group, add two users, place one user in group

ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
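An added example, not part of the original post: a small Python check of group entries against the memberOf overlay's documented defaults (group objectClass groupOfNames, member attribute member), which apply here because the posted overlay entry overrides neither. The group entries are constructed samples, since the post does not show the group it added, and the function names are hypothetical.

```python
import re

# slapo-memberof(5) defaults, used when the overlay entry does not set
# olcMemberOfGroupOC / olcMemberOfMemberAD (the entry on this page sets neither).
DEFAULT_GROUP_OC, DEFAULT_MEMBER_AD = "groupOfNames", "member"
# Overlay entry as posted on this page (abridged to the relevant attributes).
OVERLAY_LDIF = """\
dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
olcOverlay: {1}memberof
"""
# Constructed sample groups; the post does not show its group entry.
GROUPS_LDIF = """\
dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
memberUid: test1

dn: cn=admins,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: admins
member: uid=test1,ou=People,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64, no folded lines) into {attr: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def memberof_findings(overlay_ldif, groups_ldif):
    """Return {group dn: verdict}: would a write to this group update memberOf?"""
    cfg = parse_ldif(overlay_ldif)[0]
    group_oc = cfg.get("olcmemberofgroupoc", [DEFAULT_GROUP_OC])[0]
    member_ad = cfg.get("olcmemberofmemberad", [DEFAULT_MEMBER_AD])[0].lower()
    findings = {}
    for entry in parse_ldif(groups_ldif):
        classes = [oc.lower() for oc in entry.get("objectclass", [])]
        findings[entry["dn"][0]] = (
            f"ignored: objectClass is not {group_oc}" if group_oc.lower() not in classes
            else f"ignored: no {member_ad} values" if member_ad not in entry
            else "tracked")
    return findings
```

The overlay also only writes memberOf when a matching group is added or modified after the overlay is in place; it does not backfill memberships that already existed.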