[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf attributes not working through slapd-ldap backend

> Hi,
> Main LDAP server is 2.4 on openSUSE. The memberof overlay is in use.
> On any openSUSE clients (also OpenLDAP 2.4), ldapsearch on a uid with a
> '+' for the attribute arguments correctly returns the memberOf
> attributes as created by the overlay.
> On Scientific Linux 5.4 I have a build of OpenLDAP 2.4 (not mine,
> supplied by our vendor which repackages some components). I've setup a
> proxy server there which uses slapd-ldap to proxy connections back to
> the openSUSE LDAP server.
> On the SL system, ldapsearch talking directly to the openSUSE server
> correctly returns the memberOf attributes when using '+'. But when going
> through the local proxy server, they don't appear. The server log says
> "PROXIED attributeDescription "MEMBEROF" inserted"; if I specify the
> attribute explicitly (e.g. ldapsearch uid=liam memberof) the memberOf
> attributes are displayed, but all in capitals, as if there's a schema
> missing.

The schema definition of memberOf is in fact missing in the proxy.  That
definition is hardcoded in slapo-memberof(5).  Your build probably has
slapo-memberof(5) built as module, or not built at all.  You need to just
load the module, so the schema definition takes place.