I was looking through list archives and a few weeks ago, someone posted some configurations for the memberOf overlay. I modified the configurations slightly and it looks like everything is installed (with no errors) and working, but when run an ldapsearch, it does not return the memberOf. Below is the install and configuration method. Any guidance on what to change or error logs to look at?



Thx Bill







##MY RESULTS##
server-1# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: uid=test1,ou=People,dc=example,dc=com





##INSTALL AND CONFIG##

sudo apt-get -y install slapd ldap-utils



cd /etc/ldap



sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif



sudo vi db.ldif


# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module {0}
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb
olcModuleload: {1}memberof.la



# Create the database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: password
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq



dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {1}memberof
structuralObjectClass: olcMemberOf

:wq!


sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif



sudo slappasswd -h {MD5}

##note: 1234 = {MD5}gdyb21LQTcIANtvYMT7QVQ==

sudo vi base.ldif

dn: dc=example,dc=com
objectClass: dcObject
objectclass: organization
o: example.com
dc: example
description: My LDAP Root



dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {MD5}gdyb21LQTcIANtvYMT7QVQ==
description: LDAP administrator

:wq!



sudo ldapadd -Y EXTERNAL -H ldapi:/// -f base.ldif



sudo vi config.ldif

dn: cn=config
changetype: modify
delete: olcAuthzRegexp



dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess



dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcRootDN



dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config



dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {MD5}gdyb21LQTcIANtvYMT7QVQ==



dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

:wq!


sudo ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif


sudo vi acl.ldif

dn: olcDatabase={1}hdb,cn=config
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
:wq!


sudo ldapmodify -x -D cn=admin,cn=config -W -f acl.ldif



#Add one group, add two users, place one user in group

ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf



_________________________________________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
http://clk.atdmt.com/GBL/go/201469229/direct/01/