[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "memberof" function for memberUid attribute.

Thank you very much sir. 

I am still not clear about the solution. Sorry, because i am still study about openldap structure.

Please can you help to give me more detailed explanation about slapo-memberof or some article about that.

Thank you very much sir.
Best regards


2015-11-01 6:15 GMT-08:00 Michael Ströder <michael@stroeder.com>:
Andi Zulfadli wrote:
> Thank you very much for your respond.
>
> So, what your recommended ways that i have to do Sir?

Use a hybrid group schema and use slapo-memberof.

Example 'aeGroup':

( 1.3.6.1.4.1.5427.1.389.100.6.1
  NAME 'aeGroup'
  DESC 'AE-DIR: Group entry'
  SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
  STRUCTURAL MUST description )

You can leave out "groupOfURLs $ aeObject".

You have to take care to keep 'member' and 'memberUID' in sync. OpenLDAP's
slapo-constraint can be helpful for that too.

Ciao, Michael.

> 2015-10-30 3:24 GMT-07:00 Michael Ströder <michael@stroeder.com>:
>
>> Andi Zulfadli wrote:
>>> What is the format for filter the member of group?
>>>
>>> we know that "memberof" format works in member attribute in openldap
>> group
>>> entry format.
>>>
>>> example attribute :
>>>
>>> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>>>
>>> *member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember:
>>> uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
>>> objectClass: groupOfNames
>>> description: tagGroup
>>> cn: Admins
>>> ou: Admins
>>>
>>> example filter :
>>> example:
>>> (&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
>>>
>>> But how about if my openldap group member attribute using memberUid as
>>> attibute member's group.
>>>
>>> dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
>>>
>>>
>>> *memberUid: johnmemberUid: mary*objectClass: top
>>> objectClass: groupOfNames
>>> description: tagGroup
>>> cn: Admins
>>> ou: Admins
>>>
>>> How can i use "memberof" filter format in my openLDAP?
>>
>> As slapo-memberof(5) clearly states: It works only with DN-syntax
>> attributes.
>>
>> You could add a custom attribute to your member entries and maintain this
>> to
>> reflect all the group memberships. But I'd strongly recommend to not do it.
>>
>> Ciao, Michael.
>>
>>
>>
>


--
Michael Ströder                 Klauprechtstr. 11
Dipl.-Inform.                   D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316           Mobil: +49 170 2391920
E-Mail: michael@stroeder.com    http://www.stroeder.com