[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "memberof" function for memberUid attribute.

To: Andi Zulfadli <andi.zulfadli@gmail.com>
Subject: Re: "memberof" function for memberUid attribute.
From: Michael Ströder <michael@stroeder.com>
Date: Sun, 1 Nov 2015 15:15:44 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <CALxWLiqm3m2_Ss2DV_c6moeyHtp8_PprHYMfgVU8Oj=vLR+pKg@mail.gmail.com>
References: <CALxWLirp=bPDdm6=BRb5JYpMEofQinnf8kxeCWTvdVaWE0iwKA@mail.gmail.com> <56334564.6030104@stroeder.com> <CALxWLiqm3m2_Ss2DV_c6moeyHtp8_PprHYMfgVU8Oj=vLR+pKg@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 SeaMonkey/2.38

Andi Zulfadli wrote:
> Thank you very much for your respond.
> 
> So, what your recommended ways that i have to do Sir?

Use a hybrid group schema and use slapo-memberof.

Example 'aeGroup':

( 1.3.6.1.4.1.5427.1.389.100.6.1
  NAME 'aeGroup'
  DESC 'AE-DIR: Group entry'
  SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
  STRUCTURAL MUST description )

You can leave out "groupOfURLs $ aeObject".

You have to take care to keep 'member' and 'memberUID' in sync. OpenLDAP's
slapo-constraint can be helpful for that too.

Ciao, Michael.

> 2015-10-30 3:24 GMT-07:00 Michael Ströder <michael@stroeder.com>:
> 
>> Andi Zulfadli wrote:
>>> What is the format for filter the member of group?
>>>
>>> we know that "memberof" format works in member attribute in openldap
>> group
>>> entry format.
>>>
>>> example attribute :
>>>
>>> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>>>
>>> *member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember:
>>> uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
>>> objectClass: groupOfNames
>>> description: tagGroup
>>> cn: Admins
>>> ou: Admins
>>>
>>> example filter :
>>> example:
>>> (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
>>>
>>> But how about if my openldap group member attribute using memberUid as
>>> attibute member's group.
>>>
>>> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>>>
>>>
>>> *memberUid: johnmemberUid: mary*objectClass: top
>>> objectClass: groupOfNames
>>> description: tagGroup
>>> cn: Admins
>>> ou: Admins
>>>
>>> How can i use "memberof" filter format in my openLDAP?
>>
>> As slapo-memberof(5) clearly states: It works only with DN-syntax
>> attributes.
>>
>> You could add a custom attribute to your member entries and maintain this
>> to
>> reflect all the group memberships. But I'd strongly recommend to not do it.
>>
>> Ciao, Michael.
>>
>>
>>
> 


--
Michael Ströder                 Klauprechtstr. 11
Dipl.-Inform.                   D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316           Mobil: +49 170 2391920
E-Mail: michael@stroeder.com    http://www.stroeder.com

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: "memberof" function for memberUid attribute.
  - From: Andi Zulfadli <andi.zulfadli@gmail.com>

References:
- Re: "memberof" function for memberUid attribute.
  - From: Andi Zulfadli <andi.zulfadli@gmail.com>

Prev by Date: Re: "memberof" function for memberUid attribute.
Next by Date: Re: "memberof" function for memberUid attribute.
Index(es):
- Chronological
- Thread