
Re: Question about using memberOf attribute in OpenLDAP

Suneet Shah wrote:

Java and its native libraries to work with OpenLDAP in our application.
I need to be able to associate users to groups and this part works fine. I can
do an ldap search and I can see the membership

dn: cn=NURSE,ou=roles,dc=mydir,dc=com
uniqueMember: uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com

LDIF for the role:
dn: ou=roles,dc=mydir,dc=com
objectClass: top
objectClass: organizationalUnit
ou: roles

Sample user that I created for the above:
dn: uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com
preferredLanguage: E
displayName: LDAP-TEST-1,Suneet
employeeType: PERM FULL TIME
userPassword:: cGFzc3dvcmQ=
ou: OpenIAM
givenName: Suneet
uid: Suneet.LDAP-TEST-1
telephoneNumber: 234-123-4567
mail: suneet_shah@openiam.com
cn: Suneet LDAP-TEST-1
manager: uid=abc,ou=users,dc=mydir,dc=com
o: OpenIAM
departmentNumber: -
title: Test User
x-com-mydir-userStatus: Inactive
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: DIRUser

I also need to be able to remove users from a group. In this case, I am
looking up the user to see if they have a memberOf attribute. However, when I
do this, my search results are always empty. My code and search filter are
below. Any thoughts on what I am doing wrong? I tried this on OpenDS and it
works, but I need to get this to work with OpenLDAP. Also I noticed that my user
in ldap does not contain any attributes that show membership to a group. I
have pasted below my code where I add a user to a group in case that is the
source of my error.

That's the wrong approach. Use an LDAP Compare operation on the group, checking for uniquemember matching the user's DN.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
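The approach Howard recommends, written out as an added Java example (this is not code from the thread or from OpenLDAP): instead of looking for a memberOf attribute on the user entry, the application asks the server whether the group entry cn=NURSE,ou=roles,dc=mydir,dc=com carries a uniqueMember value equal to the user's DN. Plain JNDI has no direct Compare call, so the example uses the closest JNDI equivalent, a base-scope (OBJECT_SCOPE) search on the group DN with an equality filter and no returned attributes; the server evaluates the filter against that single entry and returns it only when the value matches. The server URL, the bind DN and the LDAP_BIND_PASSWORD environment variable are assumptions for illustration; the group and user DNs are taken from the post.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Added example: decide group membership by asking the server about the
 * group's uniqueMember values, not by reading a memberOf attribute on the
 * user (OpenLDAP does not maintain one by default).
 */
public class GroupMembershipCheck {

    // Assumed connection details; replace with the real server and service account.
    private static final String LDAP_URL = "ldap://ldap.example.invalid:389";   // assumption
    private static final String BIND_DN = "cn=app,ou=services,dc=mydir,dc=com"; // assumption
    private static final String BIND_PASSWORD = System.getenv("LDAP_BIND_PASSWORD"); // assumption

    /**
     * Returns true if userDn is listed as a uniqueMember of groupDn.
     *
     * The DN is passed as a filter argument ({0}) so JNDI escapes it per
     * RFC 4515; the user-supplied value is never concatenated into the
     * filter string, which is how LDAP filter injection happens.
     */
    public static boolean isUniqueMember(DirContext ctx, String groupDn, String userDn)
            throws NamingException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.OBJECT_SCOPE); // evaluate only the group entry itself
        ctls.setReturningAttributes(new String[0]);      // a yes/no answer; do not pull the member list
        ctls.setTimeLimit(5000);                         // milliseconds; do not hang on a slow server

        NamingEnumeration<SearchResult> results =
                ctx.search(groupDn, "(uniqueMember={0})", new Object[] { userDn }, ctls);
        try {
            // The single entry comes back only when the filter matched.
            return results.hasMore();
        } finally {
            results.close();
        }
    }

    /** Opens a simple-bind connection with the assumed service account. */
    public static DirContext connect() throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, BIND_PASSWORD);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        // DNs from the original post.
        String groupDn = "cn=NURSE,ou=roles,dc=mydir,dc=com";
        String userDn = "uid=Suneet.LDAP-TEST-1,ou=users,dc=mydir,dc=com";

        DirContext ctx = connect();
        try {
            boolean member = isUniqueMember(ctx, groupDn, userDn);
            System.out.println(userDn + (member ? " is" : " is not") + " a member of " + groupDn);
        } finally {
            ctx.close();
        }
    }
}
```

Two points a practitioner should weigh before copying this. First, the search form needs `search` access to uniqueMember in slapd's ACLs, whereas a true LDAP Compare (available from client libraries that expose the operation directly, for example the UnboundID LDAP SDK's `LDAPConnection.compare`) works with only `compare` access on that attribute, so a genuine Compare lets the service account hold the narrower privilege. Second, the example binds over plain `ldap://` and reads the password from the environment purely for brevity; a deployment should use `ldaps://` or StartTLS and a properly managed credential.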