[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts

--On Tuesday, May 04, 2010 1:05 PM +0000 Stuart Cherrington <stuart_cherrington@hotmail.co.uk> wrote:

We're now migrating to OpenLDAP and I need the same functionality. I
found the 'ismemberof' attribute does not appear to be part of the
default schemas that come with Redhat 5.3 RPM's, Openldap is V 2.3.43.

OpenLDAP 2.3.43 is deprecated and no longer supported. I would advise you use a supported release of OpenLDAP. 2.4.21 is the current stable release. 2.4.22 is the current release.

I found an interesting article at
http://forums.devshed.com/ldap-progr...te-191444.html on how to create
your own schema's. So I created a file called
/etc/openldap/schema/memberof.schema and put in the following text:

I would advise looking at the slapo-memberof overlay that ships with openldap. You may also wish to read up on slapo-dynlist for dynamic groups as well.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration