The memberOf attribute is enabled in OpenLDAP as follows.
1. Adding the MemberOf Module
ldapadd -x -D cn=config -h localhost -p 389 -W
Enter LDAP Password:
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap/
olcModuleLoad: memberof
adding new entry "cn=module,cn=config"
After the above entry is added, the file cn=module{0}.ldif is created in the /etc/openldap/slapd.d/cn\=config directory.
2. Enabling the Overlay
dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
adding new entry "olcOverlay=memberof,olcDatabase={2}bdb,cn=config"
3. Testing That the memberOf Attribute Is Added to the User
3.1 Creating the LDAP User
ldapadd -x -D cn=config -h localhost -p 389 -W
Enter LDAP Password:
dn: uid=test_member_uid,ou=People,dc=example,dc=edu
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
cn: test_member_uid
sn: test_member_uid
uid: test_member_uid
userPassword: test123
adding new entry "uid=test_member_uid,ou=People,dc=example,dc=edu"
3.2 Adding the New Group
dn: cn=test_memberof_grp,ou=Groups,dc=example,dc=edu
objectclass: groupofnames
objectclass: top
cn: test_memberof_grp
member: uid=test_member_uid,ou=People,dc=example,dc=edu
adding new entry "cn=test_memberof_grp,ou=Groups,dc=example,dc=edu"
3.3 Searching for the LDAP User by the uid Attribute
ldapsearch -x -D cn=Manager,dc=example,dc=edu -W -h localhost -p 389 -b ou=people,dc=example,dc=edu uid=test_member_uid dn memberof
Enter LDAP Password:
LDAP Search Result
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=edu> with scope subtree
# filter: uid=test_member_uid
# requesting: dn memberof
#
# test_member_uid, People, example.edu
dn: uid=test_member_uid,ou=People,dc=example,dc=edu
memberOf: cn=test_memberof_grp,ou=Groups,dc=example,dc=edu
# search result
search: 2
result: 0 Success
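The search in 3.3 checks one user. As an added example (not part of the original post), the Python below audits a whole LDIF export for member/memberOf disagreement, which matters when applications authorize on memberOf: the overlay writes memberOf only when a group entry is added or changed while it is active, so groups that existed before step 2 carry no back-references, and with olcMemberOfDangling: ignore a group can list DNs that have no entry. The function names, the finding labels and the sample users old_user and deleted_user are assumptions made for this illustration.

```python
import base64

# Constructed sample in "ldapsearch -LLL" output shape; old_user and deleted_user are invented.
SAMPLE_LDIF = """\
dn: cn=test_memberof_grp,ou=Groups,dc=example,dc=edu
member: uid=test_member_uid,ou=People,dc=example,dc=edu
member: uid=old_user,ou=People,dc=example,dc=edu
member: uid=deleted_user,ou=People,dc=example,dc=edu

dn: uid=test_member_uid,ou=People,dc=example,dc=edu
memberOf: cn=test_memberof_grp,ou=Groups,dc=example,dc=edu

dn: uid=old_user,ou=People,dc=example,dc=edu
"""

def norm(dn):  # case-fold and drop spaces around commas (simplified DN matching)
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse(ldif):
    """Return {dn: {attr: [values]}}; handles folded lines and base64 values."""
    entries = {}
    for block in ldif.replace("\n ", "").split("\n\n"):  # unfold, split entries
        dn, attrs = None, {}
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):                     # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if name.lower() == "dn":
                dn = norm(value)
            else:
                attrs.setdefault(name.lower(), []).append(norm(value))
        if dn:
            entries[dn] = attrs
    return entries

def audit(ldif):
    """Return sorted (finding, group_dn, user_dn) tuples for member/memberOf drift."""
    entries, findings = parse(ldif), set()
    for dn, attrs in entries.items():
        for user in attrs.get("member", []):              # dn is a group here
            if user not in entries:
                findings.add(("dangling-member", dn, user))
            elif dn not in entries[user].get("memberof", []):
                findings.add(("missing-memberof", dn, user))
        for group in attrs.get("memberof", []):           # dn is a user here
            if dn not in entries.get(group, {}).get("member", []):
                findings.add(("stale-memberof", group, dn))
    return sorted(findings)
```

The export passed to audit() has to contain both the group and the people entries with their member and memberOf attributes requested explicitly, otherwise every member is reported as dangling.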