
Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts



Sticking to 2.3.x is entirely an RH/CentOS-created issue. It's a shame that 2.4.x hasn't been introduced in RH/CentOS even two years after being released.

We rolled our own 2.4.x RPM for RH/CentOS using RH openldap spec files and upgraded. YMMV.

- Siddhartha


On 5/4/10 9:36 AM, Quanah Gibson-Mount wrote:
> --On Tuesday, May 04, 2010 1:05 PM +0000 Stuart Cherrington
> <stuart_cherrington@hotmail.co.uk> wrote:
>
>> We're now migrating to OpenLDAP and I need the same functionality. I
>> found the 'ismemberof' attribute does not appear to be part of the
>> default schemas that come with Redhat 5.3 RPMs, OpenLDAP is V 2.3.43.
>
> OpenLDAP 2.3.43 is deprecated and no longer supported.  I would advise you
> use a supported release of OpenLDAP.  2.4.21 is the current stable release.
> 2.4.22 is the current release.
>
>> I found an interesting article at
>> http://forums.devshed.com/ldap-progr...te-191444.html on how to create
>> your own schemas. So I created a file called
>> /etc/openldap/schema/memberof.schema and put in the following text:
>
> I would advise looking at the slapo-memberof overlay that ships with
> openldap.  You may also wish to read up on slapo-dynlist for dynamic groups
> as well.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration


--
Thanks,

- Siddhartha