Re: memberuid value should be DN or RDN or both woks

[Dameon Wagner <dameon.wagner@it.ox.ac.uk>]

On Tue, Apr 19 2016 at 15:25:53 +0000, scn_73@yahoo.com scribbled
 in "memberuid value should be DN or RDN or both woks":
> All,
> 
> Openldap is complaining invalid dn. I doubt,  it's for group members
> those memberuid don't have have DN and added as RDN. Like to know
> does memberuid should be DN or RDN works too.

The contents of a "memberUid" attribute in a "posixGroup" should only
match the "uid" attribute of a directory entry that is of objectClass
"posixAccount".

Whether that is also used as the entries RDN depends on how you've
modelled your directory, but it could be.  It won't be a fully
qualified DN though.

>  slapd[4892]: conn=1629448 op=2180 do_search: invalid dn (member1) 
>  slapd[4892]: conn=1629448 op=2181 do_search: invalid dn (memver2) 
> slapd[4892]: conn=1629448 op=2182 do_search: invalid dn (member2) 
> 
> objectClass: posixGroup
> objectClass: top
> cn: g1
> gidNumber: xxxx
> memberUid: member1
> memberUid: member2
> memberUid: member3
> - Sachin

I'm not entirely sure what might have caused the "invalid dn"
response, but it might help if you also included example entries for
the members in question.

Cheers.

Dameon.

-- 
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Dr. Dameon Wagner, Systems Development and Support
IT Services, University of Oxford
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><