AW: Permission management with LDAP

["Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>]

Hi Dieter,

It was a great idea to actual search for the objectClass on the server...
The objectClass 'groupOfPermisssions' was already in my Doku but not on the server...

Shame on me

Thanks a lot.

JOhn
-----Ursprüngliche Nachricht-----
Von: openldap-technical [mailto:openldap-technical-bounces@openldap.org] Im Auftrag von Dieter Klünter
Gesendet: Freitag, 28. August 2015 15:24
An: openldap-technical@openldap.org
Betreff: Re: Permission management with LDAP

Am Fri, 28 Aug 2015 12:16:48 +0000
schrieb "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>:

> Hi,
> 
> I've tried your  idea. It worked well with groupOfNames.
> Then I've tried to implement the memberof overlay for a user specific
> objectClass: Dn: olcOverlay={1}
> objectClass: olcConfig
> objectClass: olcOverlayConfig
> objectClass: olcMemberOf
> olcOverlay: memberof
> olcMemberOfDangling: ignore
> olcMemberOfRefInt: TRUE
> olcMemberOfGroupOC: GroupOfPermissions
> olcMemberOfMemberAD: permissionMember
> olcMemberOfMemberOfAD: member
> 
> While adding the ldif, a "unable to find group objectClass="
> GroupOfPermissions "" The objectClass is available on the server and 
> is a self created objectclass. Do I have to include some paths to 
> announce the objectClass?

[...]

Check whether groupOfPermissions is loaded at all:
ldapsearch -x -H ldap://localhost -b cn=subschema -s base + \  | grep -A2 'groupOfPermisssions'

and what is the syntax of permissionmember and member?

-Dieter 

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E