Question about using memberOf attribute in OpenLDAP
- To: openldap-technical@openldap.org
- Subject: Question about using memberOf attribute in OpenLDAP
- From: Suneet Shah <suneetshah2000@gmail.com>
- Date: Mon, 2 Jan 2012 00:19:24 -0500
Hello,
Java and its native libraries to work with OpenLDAP in our application.
I need to be able to associate users to groups and this part works fine. I can do an LDAP search and I can see the membership,
i.e.:
dn: cn=NURSE,ou=roles,dc=mydir,dc=com
uniqueMember: uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com
LDIF for Role:
dn: ou=roles,dc=mydir,dc=com
objectClass: top
objectClass: organizationalUnit
ou: roles
Sample user that was created for the above:
dn: uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com
preferredLanguage: E
displayName: LDAP-TEST-1,Suneet
employeeType: PERM FULL TIME
userPassword:: cGFzc3dvcmQ=
ou: OpenIAM
givenName: Suneet
uid: Suneet.LDAP-TEST-1
telephoneNumber: 234-123-4567
cn: Suneet LDAP-TEST-1
manager: uid=abc,ou=users,dc=mydir,dc=com
o: OpenIAM
departmentNumber: -
sn: LDAP-TEST-1
title: Test User
x-com-mydir-userStatus: Inactive
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: DIRUser
I also need to be able to remove users from a group. In this case, I am looking up the user to see if they have a memberOf attribute. However, when I do this, my search results are always empty. My code and search filter are below. Any thoughts on what I am doing wrong? I tried this with OpenDS and it works, but I need to get this to work with OpenLDAP. Also, I noticed that my user in LDAP does not contain any attributes that show membership to a group. I have pasted below my code where I add a user to a group, in case that is the source of my error.
Code snippet to search for a user before adding/removing from a group:
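// Needs javax.naming.{NamingEnumeration, NamingException} and
// javax.naming.directory.{SearchControls, SearchResult}
String[] attrIds = {"memberOf", "isMemberOf"};
NamingEnumeration<SearchResult> results = null;
try {
    SearchControls searchCtls = new SearchControls();
    // Return only the membership attributes of the matching entry
    searchCtls.setReturningAttributes(attrIds);
    String searchFilter = "(&(objectclass=inetOrgPerson)(uid=Suneet.LDAP-TEST-1))";
    results = ldapctx.search(objectBaseDN, searchFilter, searchCtls);
} catch (NamingException e) {
    throw new IllegalStateException("LDAP search failed", e);
}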
Code to add a user to a group:
ModificationItem mods[] = new ModificationItem[1];
mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("uniqueMember", ldapName));
ldapctx.modifyAttributes(s, mods);
Thanks for your help.