(ITS#8825) slapo-memberof: memberof-memberof-ad doesn't work correctly
Full_Name: Quanah Gibson-Mount
Version: 2.4.45
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)
Per the slapo-memberof man page, you can define a different attribute than
"memberOf" to hold the group membership information for an entry.
However, this fails due to the fact that when a different attribute is used,
slapd applies objectClass rule requirements to the entry. slapd does *not* do
this when the default value of "memberOf" is used.
Example config:
overlay memberof
memberof-group-oc groupofuniquenames
memberof-member-ad uniquemember
memberof-memberof-ad ismemberof
Example schema:
attributetype ( 2.15.930.3.234225.3.1
    NAME 'isMemberOf'
    DESC 'Sun defined attribute type'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
    X-ORIGIN 'Sun Directory Server' )
Create a group:
dn: cn=mygroup,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: mygroup
uniqueMember: cn=La Valko,ou=Peons,dc=example,dc=com
Group creates OK, but:
slapd[5149]: Entry (cn=La Valko,ou=Peons,dc=example,dc=com), attribute 'isMemberOf' not allowed
slapd[5149]: entry failed schema check: attribute 'isMemberOf' not allowed
slapd[5149]: conn=1000 op=19: memberof_value_modify DN="cn=la valko,ou=peons,dc=example,dc=com" add isMemberOf="cn=mygroup,dc=example,dc=com" failed err=65
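
Added example, not part of the original report and not OpenLDAP project code: the group add is reported as OK while the member update fails only in the log, so this Python script scans slapd log text for memberof_value_modify failures with err=65 (objectClassViolation) and lists the member entries left without their back-reference. The function names and the first line of the sample are constructed; the message shape is taken from the log lines quoted in the report.

```python
import re
from collections import defaultdict

OBJECT_CLASS_VIOLATION = 65  # LDAP resultCode objectClassViolation (RFC 4511)

# Message shape taken from the slapd log lines quoted in the report.
FAIL_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+): memberof_value_modify '
    r'DN="(?P<member>[^"]*)" (?P<action>\w+) '
    r'(?P<attr>[^=\s]+)="(?P<group>[^"]*)" failed err=(?P<err>\d+)'
)

def unwrap(log_text):
    """Rejoin records that a mail client wrapped at whitespace onto extra lines."""
    records = []
    for line in log_text.splitlines():
        if "slapd[" in line or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def missed_backlinks(log_text, err=OBJECT_CLASS_VIOLATION):
    """Map member DN -> [(attribute, group DN)] that the overlay failed to add."""
    missed = defaultdict(list)
    for record in unwrap(log_text):
        m = FAIL_RE.search(record)
        if m and int(m["err"]) == err and m["action"] == "add":
            missed[m["member"]].append((m["attr"], m["group"]))
    return dict(missed)

# Constructed sample: first line is invented, the rest mirrors the report's log.
SAMPLE_LOG = '''\
slapd[5149]: conn=1000 op=19 ADD dn="cn=mygroup,dc=example,dc=com"
slapd[5149]: Entry (cn=La Valko,ou=Peons,dc=example,dc=com), attribute
'isMemberOf' not allowed
slapd[5149]: entry failed schema check: attribute 'isMemberOf' not allowed
slapd[5149]: conn=1000 op=19: memberof_value_modify DN="cn=la
valko,ou=peons,dc=example,dc=com" add isMemberOf="cn=mygroup,dc=example,dc=com"
failed err=65
'''

if __name__ == "__main__":
    for member, links in missed_backlinks(SAMPLE_LOG).items():
        for attr, group in links:
            print(f"{member}: missing {attr}={group}")
```

Each reported pair is a group that lists the member while the member entry carries no matching back-reference, which matters wherever access decisions read the member-side attribute.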