Re: translucent overlay add an attribute to all users in a OU and subtree

[Nicolas RENAULT <nicolas_renault@yahoo.fr>]

Le 21/10/2014 17:42, Dieter Klünter a écrit :
> Am Tue, 21 Oct 2014 14:35:14 +0200
> schrieb Nicolas RENAULT <nicolas_renault@yahoo.fr>:
>
> > Le 21/10/2014 09:23, Michael Ströder a écrit :
> > > Dieter Klünter wrote:
> > > > collectiveAttrbibuteSubentry is declared in schema_prep.c. When I
> > > > tested collective attributes, a few years ago, slapd had to be
> > > > build with -DLDAP_COLLECTIVE_ATTRIBUTES. I don't know whether this
> > > > is still the case.
> > > I've tested this yesterday and I had to build with
> > > -DLDAP_COLLECTIVE_ATTRIBUTES to make 'collectiveAttrbibuteSubentry'
> > > appear in the subschema subentry.
> > >
> > > Ciao, Michael.
> > thanks for reply
> >
> > so now the noob question : how do I build with
> > -DLDAP_COLLECTIVE_ATTRIBUTES ?
> > with our clue I try to restart the process with :
> >
> > configure :
> >
> > ./configure --enable-syslog --enable-modules --enable-rewrite
> > --enable-ldap --enable-meta --enable-collect --enable-dyngroup
> > --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv
> > --enable-valsort -DLDAP_COLLECTIVE_ATTRIBUTES
> >
> > result :
> > configure: error: unrecognized option: `-DLDAP_COLLECTIVE_ATTRIBUTES'
> >
> > so I look on "configure --help" and  "less INSTALL" , try to google
> > DLDAP_COLLECTIVE_ATTRIBUTES and at last try a grep on the directory
> > openldap-2.4.40/  but cannot find ref on how to build openldap with
> > DLDAP_COLLECTIVE_ATTRIBUTES ..
> >
> > finally and for archives :
> >
> > ./configure --enable-syslog --enable-modules --enable-rewrite
> > --enable-ldap --enable-meta --enable-collect --enable-dyngroup
> > --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv
> > --enable-valsort CFLAGS="-DLDAP_COLLECTIVE_ATTRIBUTES"
> >
> > after that , make depend, make , make install
> >
> > Works ! that is the good process ?
> >
> > now i can add the ldif with the example the you give me without
> > errors.
> >
> > but it doesn't appli collectives attributes :
> >
> > I have create this to test overlay collect  :
> >
> > ## dcObject is an AUXILIARY objectclass and MUST
> > ## have a STRUCTURAL objectclass (organization in this case)
> >
> > dn: dc=example,dc=fr
> > dc: example
> > o: example proxy LDAP Server
> > description: Root entry for example proxy LDAP server
> > objectClass: top
> > objectclass: dcObject
> > objectclass: organization
> >
> > ## FIRST Level hierarchy
> >
> > dn: ou=TOUT,dc=example,dc=fr
> > ou: TOUT
> > description: OU pour contenir tout les annuaires
> > objectClass: top
> > objectClass: organizationalUnit
> >
> > ## FIRST Level hierarchy - Manager
> >
> > dn: cn=Manager,dc=example,dc=fr
> > cn: Manager
> > description: Rootdn
> > objectclass: organizationalRole
> >
> > after that I add this (from example provide in reply) :
> >
> > dn: cn=office,dc=example,dc=fr
> > objectClass: subentry
> > objectClass: extensibleObject
> > objectClass: collectiveAttributeSubentry
> > cn: office
> > subtreeSpecification: {base "ou=TOUT" minimum 2}
> > c-l: Berlin
> > c-street: Main Street
> >
> > and
> >
> > dn: cn=user_test,ou=TOUT,dc=example,dc=fr
> > sn: test
> > cn: user_test
> > objectClass: user
> > objectClass: organizationalPerson
> > objectClass: person
> > objectClass: top
> >
> > and in slapd.conf just for tests :
> >
> > include         /etc/openldap/schema/collective.schema
> > .......
> > database        bdb
> > suffix          "dc=example,dc=fr"
> > rootdn          "cn=Manager,dc=example,dc=fr"
> > rootpw          "xxxxx"
> > directory      /usr/local/var/openldap-base
> > limits   * size=1000
> > overlay collect
> > collectinfo cn=office,dc=example,dc=fr l,street
> attributes should be c-l,c-street
ok so now the line is

collectinfo cn=office,dc=example,dc=fr c-l,c-street


> > with that , when I do an ldap search :
> >
> > ldapsearch -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -W
> > -b "ou=TOUT,dc=example,dc=fr" "(&(objectClass=user)(cn=user_test))"
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <ou=TOUT,dc=example,dc=fr> with scope subtree
> > # filter: (&(objectClass=user)(cn=user_test))
> > # requesting: ALL
> > #
> >
> > # user_test, TOUT, example.fr
> > dn: cn=user_test,ou=TOUT,dc=example,dc=fr
> > sn: test
> > cn: user_test
> > objectClass: user
> > objectClass: organizationalPerson
> > objectClass: person
> > objectClass: top
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> > no trace for the l and street attributes.  any idea ?
> The entries should be in cn=office,dc=example,dc=fr
sorry but I don't understand :

I create the object    cn=office,dc=example,dc=fr

dn: cn=office,dc=example,dc=fr
objectClass: subentry
objectClass: extensibleObject
objectClass: collectiveAttributeSubentry
cn: office
subtreeSpecification: {base "ou=TOUT" minimum 2}
c-l: Berlin
c-street: Main Street


with the subtreeSpecification to apply to "ou=TOUT" on dc=example,dc=fr.

no ?

I read the man

"Collective attributes are added to entries returned by a search 
operation when the entry is within the scope of the related ancestor"

I think that your reply refer to this part, but can you provide an 
working example or adapt my example to a working state ?

Thanks for reply

--
Nicolas