
Trouble with memberOf Overlay



I was looking through the list archives and a few weeks ago someone posted some configurations for the memberOf overlay.  I modified the configurations slightly and it looks like everything is installed (with no errors) and working, but when I run an ldapsearch, it does not return the memberOf.  Below is the install and configuration method.  Any guidance on what to change or error logs to look at?
 
Thx Bill
 
 
 
##MY RESULTS##
server-1# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1
dn: uid=test1,ou=People,dc=example,dc=com
 
 
##INSTALL AND CONFIG##
sudo apt-get -y install slapd ldap-utils
 
cd /etc/ldap
 
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
 
sudo vi db.ldif
 
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb
olcModuleload: {1}memberof.la
 
# Create the database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: password
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
 
dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {1}memberof
structuralObjectClass: olcMemberOf
:wq!

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif
 
sudo slappasswd -h {MD5}
##note: 1234 =  {MD5}gdyb21LQTcIANtvYMT7QVQ==

sudo vi base.ldif
dn: dc=example,dc=com
objectClass: dcObject
objectclass: organization
o: example.com
dc: example
description: My LDAP Root
 
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {MD5}gdyb21LQTcIANtvYMT7QVQ==
description: LDAP administrator
:wq!
 
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f base.ldif
 
sudo vi config.ldif
dn: cn=config
changetype: modify
delete: olcAuthzRegexp
 
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess
 
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcRootDN
 
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config
 
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {MD5}gdyb21LQTcIANtvYMT7QVQ==
 
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
:wq!

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif

sudo vi acl.ldif
dn: olcDatabase={1}hdb,cn=config
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
:wq!  
sudo ldapmodify -x -D cn=admin,cn=config -W -f acl.ldif
 
#Add one group, add two users, place one user in group
ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=example,dc=com memberOf
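The posted files load memberof.la and attach the overlay, but memberOf is only maintained for entries that match the overlay's group objectClass (default groupOfNames) and member attribute (default member), and only for group writes made after the overlay is active. As an added example, not from the original post or from OpenLDAP, this Python lint parses LDIF in the posted style and flags those mismatches; the sample LDIF and the cn=team group in it are constructed.

```python
# Added example (not OpenLDAP's code): offline lint for a memberOf overlay setup in LDIF.

def parse_ldif(text):
    """One dict (lowercase attr -> [values]) per entry, blank line ends an entry."""
    entries, cur = [], {}
    for raw in text.splitlines():
        if raw.startswith("#"): continue
        if not raw.strip():
            if cur: entries.append(cur)
            cur = {}
            continue
        # Assumes plain 'attr: value' lines (no '::' base64, no continuation lines).
        attr, _, val = raw.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(val.strip())
    return entries + ([cur] if cur else [])

def check_memberof(text, group_oc="groupofnames", member_ad="member"):
    """Return problems that leave memberOf empty; group_oc/member_ad are the overlay
    defaults (olcMemberOfGroupOC / olcMemberOfMemberAD), pass yours if you changed them."""
    entries, problems = parse_ldif(text), []
    if not any("memberof" in v.lower() for e in entries for v in e.get("olcmoduleload", [])):
        problems.append("memberof.la is not loaded by any olcModuleList entry")
    for e in entries:
        if "changetype" in e: continue  # modify records carry no naming attribute to check
        dn = e.get("dn", [""])[0]
        rdn_attr, _, rdn_val = dn.split(",")[0].partition("=")  # assumes no escaped commas
        if rdn_val not in e.get(rdn_attr.lower(), []):
            problems.append(f"{dn}: naming attribute {rdn_attr} lacks the value '{rdn_val}'")
        ocs = {o.lower() for o in e.get("objectclass", [])}
        if any(o.startswith("groupof") for o in ocs) and (group_oc not in ocs or member_ad not in e):
            problems.append(f"{dn}: memberOf only tracks {group_oc} entries with a {member_ad} attribute")
    return problems

# Constructed sample: the module entry as posted ('cn: module {0}' vs the DN's cn=module{0})
# plus a hypothetical group using groupOfUniqueNames/uniqueMember, which the overlay ignores.
SAMPLE_LDIF = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module {0}
olcModuleload: {0}back_hdb
olcModuleload: {1}memberof.la

dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
olcOverlay: {1}memberof

dn: cn=team,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: team
uniqueMember: uid=test1,ou=People,dc=example,dc=com
"""
```

Run check_memberof over the concatenated db.ldif and the group LDIF to see which entries the overlay will never populate; a clean run plus a group added after the overlay was loaded is what makes memberOf show up in the search.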
 

