Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
Sticking to 2.3.x is entirely an RH/CentOS-created issue. It's a shame that
2.4.x hasn't been introduced in RH/CentOS even two years after being
We rolled our own 2.4.x RPM for RH/CentOS using RH openldap spec files
and upgraded. YMMV.

On 5/4/10 9:36 AM, Quanah Gibson-Mount wrote:
> --On Tuesday, May 04, 2010 1:05 PM +0000 Stuart Cherrington
>
>> We're now migrating to OpenLDAP and I need the same functionality. I
>> found the 'ismemberof' attribute does not appear to be part of the
>> default schemas that come with Redhat 5.3 RPMs, OpenLDAP is V 2.3.43.
>
> OpenLDAP 2.3.43 is deprecated and no longer supported. I would advise you
> use a supported release of OpenLDAP. 2.4.21 is the current stable release.
> 2.4.22 is the current release.
>
>> I found an interesting article at
>> http://forums.devshed.com/ldap-progr...te-191444.html on how to create
>> your own schemas. So I created a file called
>> /etc/openldap/schema/memberof.schema and put in the following text:
>
> I would advise looking at the slapo-memberof overlay that ships with
> openldap. You may also wish to read up on slapo-dynlist for dynamic groups
>
> Principal Software Engineer
> Zimbra :: the leader in open source messaging and collaboration