Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts

[Siddhartha Jain <sjain@silverspringnet.com>]

Sticking to 2.3.x is entirely RH/CentOS created issue. It's a shame that 
2.4.x hasn't been introduced in RH/CentOS even two years after being 
released.

We rolled our own 2.4.x RPM for RH/CentOS using RH openldap spec files 
and upgraded. YMMV.

- Siddhartha


On 5/4/10 9:36 AM, Quanah Gibson-Mount wrote:
> --On Tuesday, May 04, 2010 1:05 PM +0000 Stuart Cherrington
> <stuart_cherrington@hotmail.co.uk>  wrote:
>
>    
> > We're now migrating to OpenLDAP and I need the same functionality. I
> > found the 'ismemberof' attribute does not appear to be part of the
> > default schemas that come with Redhat 5.3 RPM's, Openldap is V 2.3.43.
> >      
> OpenLDAP 2.3.43 is deprecated and no longer supported.  I would advise you
> use a supported release of OpenLDAP.  2.4.21 is the current stable release.
> 2.4.22 is the current release.
>
>    
> > I found an interesting article at
> > http://forums.devshed.com/ldap-progr...te-191444.html on how to create
> > your own schema's. So I created a file called
> > /etc/openldap/schema/memberof.schema and put in the following text:
> >      
> I would advise looking at the slapo-memberof overlay that ships with
> openldap.  You may also wish to read up on slapo-dynlist for dynamic groups
> as well.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
>    


--
Thanks,

- Siddhartha