Discussion:
"memberof" function for memberUid attribute.
(too old to reply)
Andi Zulfadli
2015-10-29 10:13:09 UTC
Permalink
Raw Message
Dear Master.

Please help,

What is the format for filter the member of group?

we know that "memberof" format works in member attribute in openldap group
entry format.

example attribute :

dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com


*member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=commember:
uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins

example filter :
example:
(&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))

But how about if my openldap group member attribute using memberUid as
attibute member's group.

dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com


*memberUid: johnmemberUid: mary*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins

How can i use "memberof" filter format in my openLDAP?

Thank you very much.
iam sorry for my ambiguity.
Michael Ströder
2015-10-30 10:24:36 UTC
Permalink
Raw Message
Post by Andi Zulfadli
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap group
entry format.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
(&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as
attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.

You could add a custom attribute to your member entries and maintain this to
reflect all the group memberships. But I'd strongly recommend to not do it.

Ciao, Michael.
Michael Ströder
2015-11-01 14:15:44 UTC
Permalink
Raw Message
Thank you very much for your respond.
So, what your recommended ways that i have to do Sir?
Use a hybrid group schema and use slapo-memberof.

Example 'aeGroup':

( 1.3.6.1.4.1.5427.1.389.100.6.1
NAME 'aeGroup'
DESC 'AE-DIR: Group entry'
SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
STRUCTURAL MUST description )

You can leave out "groupOfURLs $ aeObject".

You have to take care to keep 'member' and 'memberUID' in sync. OpenLDAP's
slapo-constraint can be helpful for that too.

Ciao, Michael.
Post by Michael Ströder
Post by Andi Zulfadli
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap
group
Post by Andi Zulfadli
entry format.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
(&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as
attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.
You could add a custom attribute to your member entries and maintain this to
reflect all the group memberships. But I'd strongly recommend to not do it.
Ciao, Michael.
--
Michael Ströder Klauprechtstr. 11
Dipl.-Inform. D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316 Mobil: +49 170 2391920
E-Mail: ***@stroeder.com http://www.stroeder.com
Andi Zulfadli
2015-11-01 14:58:44 UTC
Permalink
Raw Message
Thank you very much sir.

I am still not clear about the solution. Sorry, because i am still study
about openldap structure.

Please can you help to give me more detailed explanation about
slapo-memberof or some article about that.

Thank you very much sir.
Best regards
Post by Michael Ströder
Thank you very much for your respond.
So, what your recommended ways that i have to do Sir?
Use a hybrid group schema and use slapo-memberof.
( 1.3.6.1.4.1.5427.1.389.100.6.1
NAME 'aeGroup'
DESC 'AE-DIR: Group entry'
SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
STRUCTURAL MUST description )
You can leave out "groupOfURLs $ aeObject".
You have to take care to keep 'member' and 'memberUID' in sync. OpenLDAP's
slapo-constraint can be helpful for that too.
Ciao, Michael.
Post by Michael Ströder
Post by Andi Zulfadli
What is the format for filter the member of group?
we know that "memberof" format works in member attribute in openldap
group
Post by Andi Zulfadli
entry format.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
(&(objectClass=person)(memberOf=CN=name-of-the-group,OU=xample,DC=com))
But how about if my openldap group member attribute using memberUid as
attibute member's group.
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
*memberUid: johnmemberUid: mary*objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
How can i use "memberof" filter format in my openLDAP?
As slapo-memberof(5) clearly states: It works only with DN-syntax attributes.
You could add a custom attribute to your member entries and maintain
this
Post by Michael Ströder
to
reflect all the group memberships. But I'd strongly recommend to not do
it.
Post by Michael Ströder
Ciao, Michael.
--
Michael Ströder Klauprechtstr. 11
Dipl.-Inform. D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316 Mobil: +49 170 2391920
Loading...