[Date Prev][Date Next] [Chronological] [Thread] [Top]

Using dynlist overlay like dynlist and dyngroup (extend dyngroup schema?)



Hello openldap users!

slapd.conf:

overlay dynlist
dynlist-attrset groupOfUrls labeledURI member


ldif:

dn: cn=testgroup,ou=servers,dc=domain,dc=local
objectclass: groupOfNames
cn: testgroup
member: cn=test,ou=users,dc=domain,dc=local

dn: cn=maingroup,ou=servers,dc=domain,dc=local
objectclass: groupOfNames
cn: maingroup
member: cn=testgroup,ou=servers,dc=domain,dc=local

dn: cn=testgroup,ou=servers,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs
cn: testgroup
labeledURI: ldap:///ou=users,dc=domain,dc=local??one?(objectClass=inetOrgPerson)

dn: cn=maingroup,ou=serversGroups,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs
cn: maingroup
labeledURI: ldap:///ou=servers,dc=domain,dc=local?member?one?(objectClass=groupOfUrls)


With this configuration when ldapsearching for contents of
"cn=testgroup,ou=servers,dc=domain,dc=local" I got "member:
cn=testgroup,ou=servers,dc=domain,dc=local". Cool! It's working. Then
I want to have dynlist that contains members of group of dyngroups.
And here I stuck.
In slapd.conf I can say that some objectClass can be dyngroup or
dynlist, but not together. That's right.
Then I though that I can extend dyngroup.schema and add groupOfUrls2,
then add "dynlist-attrset groupOfUrls2 labeledURI" to slapd.conf and
groupOfUrls2 will behave like dynlist, and groupOfUrls will still be
dyngroup. That's would be very good for me!
I looked in dyngroup.schema and copy groupOfUrls definition to groupOfUrls2.

objectClass ( NetscapeLDAPobjectClass:33
   NAME 'groupOfURLs2'
   SUP top STRUCTURAL
   MUST cn
   MAY ( memberURL $ businessCategory $ description $ o $ ou $
      owner $ seeAlso ) )

But there was error:


/usr/local/etc/openldap/schema/dyngroup.schema: line 89 objectClass:
Inconsistent duplicate objectClass: "2.16.840.1.113730.3.2.33"
/usr/local/etc/openldap/slapd.conf: line 11: <include> handler exited with 1!
slapd destroy: freeing system resources.
slapd stopped.

So... I changed 33 to 34 in chema. Error gone, slapd started.

I added to ldap:

dn: cn=maingroup2,ou=serversGroups,dc=domain,dc=local
objectClass: top
objectClass: labeledURIObject
objectClass: groupOfURLs2
cn: maingroup
labeledURI: ldap:///ou=servers,dc=domain,dc=local?member?one?(objectClass=groupOfUrls)

and my slapd.conf not looking like this:

overlay dynlist
dynlist-attrset groupOfUrls labeledURI member
dynlist-attrset groupOfUrls2 labeledURI

So groupOfUrls must be dyngroup, and groupOfUrls2 must be dynlist.

And now when I ldapsearch for member attr in maingroup2 I wanted to
get all members of groups that are under
ou=servers,dc=domain,dc=local, but I got no members...
Logic was - testgroup (and others groupOfURLs) work as dyngroup and
generate member attr in it depending on specified labeledURI.
Then maingroup2 (and others) will ldapsearch in ou=servers and make
member: attr depending on member attr of groups in ou=servers (and
some filters, that I will use later).
But maingroup2 not working... It not generate member: attr in it.

I think I was wrong changing 33 to 34, because I need some more thing
to do, but I do not know what I should do. Can anoyone suggest what to
do?