[Date Prev][Date Next] [Chronological] [Thread] [Top]

memberOf attributes not working through slapd-ldap backend


Main LDAP server is 2.4 on openSUSE. The memberof overlay is in use.

On any openSUSE clients (also OpenLDAP 2.4), ldapsearch on a uid with a '+' for the attribute arguments correctly returns the memberOf attributes as created by the overlay.

On Scientific Linux 5.4 I have a build of OpenLDAP 2.4 (not mine, supplied by our vendor which repackages some components). I've setup a proxy server there which uses slapd-ldap to proxy connections back to the openSUSE LDAP server.

On the SL system, ldapsearch talking directly to the openSUSE server correctly returns the memberOf attributes when using '+'. But when going through the local proxy server, they don't appear. The server log says "PROXIED attributeDescription "MEMBEROF" inserted"; if I specify the attribute explicitly (e.g. ldapsearch uid=liam memberof) the memberOf attributes are displayed, but all in capitals, as if there's a schema missing.

One possibly important point: we're using the rfc2307bis schema on our main server, and this isn't supplied with the SL distribution of OpenLDAP, so I've just copied it over to the SL system.

I think this suggests a broken build of OpenLDAP 2.4 supplied by our vendor, but is there anything I might be doing wrong? The proxy server's slapd.conf file is as so:

include         /cm/local/apps/openldap/etc/schema/core.schema
include         /cm/local/apps/openldap/etc/schema/cosine.schema
include         /cm/local/apps/openldap/etc/schema/inetorgperson.schema
include         /cm/local/apps/openldap/etc/schema/rfc2307bis.schema
include         /cm/local/apps/openldap/etc/schema/rcsperson.schema

argsfile        /var/run/openldap/slapd.args
pidfile         /var/run/openldap/slapd.pid

database        ldap
monitoring      off

uri             ldap://opensuse.ldapserver.example.com
tls             start tls_cacertdir=/etc/openldap/certs
suffix          dc=example,dc=com
rootdn          "cn=admin,dc=example,dc=com"

Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                http://www.le.ac.uk/its/
IT Services                                   Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom