That is interesting. I wonder if we are using a modified 00core.ldif then. I was unable to apply member attributes until I changed to the bis draft format. Will have to do a little more investigation. Thanks William.

________________________________________
From: William Brown <wibrown@xxxxxxxxxx>
Sent: Tuesday, May 2, 2017 4:32 PM
To: General discussion list for the 389 Directory server project.
Subject: [389-users] Re: Search Filter by Group

On Tue, 2017-05-02 at 16:38 +0000, Bassett.Mark wrote:
> This is what the memberOf overlay is used for. However, it doesn't work with posixGroup out of the gate. In order to use memberOf and posixGroup you need to use the draft bis schema.
>
> memberOf allows your user record to report group membership.
>
> Without it you must query the group directly for memberUids.
>
> The bis draft schema should be available here: /usr/share/dirsrv/data/10rfc2307bis.ldif
>
> Replace your 10rfc2307.ldif in /etc/dirsrv/schema/ and /etc/dirsrv/slapd-instance/schema
>
> Your groups should have objectclass groupOfNames
> and then you can add users to groups using member: uid=$uid,ou=People,dc=example,dc=com
> instead of memberuid: $uid.
>
> Then, when you query a user it will show its group membership with memberof attributes.

Hey there,

We ship groupOfNames in 00core.ldif with the following comment:

# NOTE: There is one very important deviation from the LDAP standard:
# there is a bug in the standard definition of groupOfNames and
# groupOfUniqueNames - the member/uniqueMember attribute is in the MUST
# list, not the MAY list, which means you cannot have an empty group.
# Until the LDAP community figures out how to do grouping properly, we
# have put the member/uniqueMember attribute into the MAY list, to allow
# empty groups.

So groupOfNames on a posixGroup, with member: dn, should "just work" out of the box. You only need to enable the memberOf Plugin and run the fixup task to get everything in order.
Hope that helps,

--
Sincerely,

William Brown
Software Engineer
Red Hat, Australia/Brisbane
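A small Python model of the behaviour the thread describes, added here as an illustration and not code from the list discussion or from 389-ds itself: the memberOf plugin follows the group's member attribute (DN values), so a posixGroup that only carries memberUid values never yields a memberOf value, while a group that also has objectclass groupOfNames and member DNs does. The entries, DNs and function names are constructed for the example.

```python
"""Model of how the 389-ds memberOf plugin derives memberOf from groups.

Constructed sample data, not output of a real server. The plugin reads the
group attribute named by memberOfGroupAttr (default: member), whose values
are DNs; memberUid values are plain uids and are never followed.
"""
from collections import defaultdict

# Constructed directory entries keyed by DN; values mirror LDIF attributes.
ENTRIES = {
    "uid=alice,ou=People,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["alice"]},
    "uid=bob,ou=People,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["bob"]},
    # Plain RFC 2307 style: memberUid only, so invisible to memberOf.
    "cn=legacy,ou=Groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"], "gidNumber": ["5000"],
        "memberUid": ["alice", "bob"]},
    # Shape the thread recommends: posixGroup plus groupOfNames with member DNs.
    "cn=admins,ou=Groups,dc=example,dc=com": {
        "objectClass": ["posixGroup", "groupOfNames"], "gidNumber": ["5001"],
        "member": ["uid=alice,ou=People,dc=example,dc=com"]},
}


def compute_memberof(entries, group_attr="member"):
    """Return {user_dn: sorted group DNs}, as the memberOf fixup task would write."""
    result = defaultdict(set)
    for group_dn, attrs in entries.items():
        for member_dn in attrs.get(group_attr, []):
            # A memberOf value can only be written to an entry that exists.
            if member_dn in entries:
                result[member_dn].add(group_dn)
    return {dn: sorted(groups) for dn, groups in result.items()}


def search_by_group(entries, group_dn):
    """Evaluate the filter (memberOf=<group_dn>) over the derived attribute."""
    memberof = compute_memberof(entries)
    return sorted(dn for dn, groups in memberof.items() if group_dn in groups)


def groups_via_memberuid(entries, uid):
    """The fallback without memberOf: scan every group for memberUid=<uid>."""
    return sorted(dn for dn, attrs in entries.items()
                  if uid in attrs.get("memberUid", []))
```

Running it shows alice picking up memberOf for cn=admins only, and bob being findable solely by scanning groups for his memberUid.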