I need some help with centos-ds getting memberof working


Post by tombodet » 2011/06/17 19:23:33

I need help figuring out what I'm missing.

I've got Cent 5.6 using centos-ds.x86_64 8.1.0-1.el5.centos.2 installed via yum.

I turned on the memberof plugin, here's the section from dse.ldif:
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 8.1.0
nsslapd-pluginVendor: CentOS
nsslapd-pluginDescription: memberof plugin
modifiersName: cn=directory manager
modifyTimestamp: 20110617190837Z

I'm currently messing with the value on memberofgroupattr. The only thing that seems to do anything is with it set the way above; in the error log I get:
Entry "uid=new.user,ou=test,dc=domain, dc=com" -- attribute "memberOf" not allowed

So if I'm understanding, it's trying to mod the user entry and the attribute isn't allowed.

Setting the memberofgroupattr to anything else gets me nothing noticeable. ldapsearch isn't showing memberof:
/usr/lib64/mozldap/ldapsearch -D "cn=Directory Manager" -w -h localhost -b "dc=domain,dc=com" -s sub "(uid=new.user)" memberof
That gets me:
version: 1
dn: uid=new.user,ou=test,dc=domain, dc=com

I've run the fixup-memberof.pl in /usr/lib64/dirsrv/slapd-hostname and I get:
ldapmodify: started Fri Jun 17 15:15:55 2011

ldap_init( host, 389 )
add objectclass:
top
extensibleObject
add cn:
memberOf_fixup_2011_6_17_15_15_55
add basedn:
dc=domain,dc=com
adding new entry cn=memberOf_fixup_2011_6_17_15_15_55, cn=memberOf task, cn=tasks, cn=config
modify complete

I'm using ldapadmin from a Windows box to assign/delete people from groups. What I'm a little confused on is the difference between a group and a groupofuniquenames. I also see a difference when using the web GUI (directory server gateway) in users. The gateway creates an entry while in ldapadmin I'm creating users. Not sure how that factors, but the memberofgroupattr relies on what object class it is and I'm obviously trying the wrong things or something is busted elsewhere. The error log isn't showing any other errors. I can restart dirsrv just fine, nothing funny in the log when I do that:
[17/Jun/2011:15:01:56 -0400] - slapd shutting down - signaling operation threads
[17/Jun/2011:15:01:56 -0400] - slapd shutting down - waiting for 22 threads to terminate
[17/Jun/2011:15:01:56 -0400] - slapd shutting down - closing down internal subsystems and plugins
[17/Jun/2011:15:01:56 -0400] - Waiting for 4 database threads to stop
[17/Jun/2011:15:01:56 -0400] - All database threads now stopped
[17/Jun/2011:15:01:56 -0400] - slapd stopped.
[17/Jun/2011:15:01:58 -0400] - CentOS-Directory/8.1.0 B2009.134.1334 starting up
[17/Jun/2011:15:01:58 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests

What am I missing?


Re: I need some help with centos-ds getting memberof working

Post by tombodet » 2011/06/20 18:24:00

Finally figured out why it wouldn't allow memberOf.

I needed one of the object classes that contain that value to be set on the person. In this case I found inetUser.

Any way to make inetUser inherited from the OU?
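
The fix described in the post above, applied in bulk, as an added example that is not part of the original thread: it reads an LDIF export, finds every uniqueMember target whose entry lacks the inetUser object class, and builds ldapmodify input that adds it. The function names and the sample entries (including the cn=admins group) are constructed for illustration, and the parser assumes plain LDIF without base64 values.

```python
# Added example (not from the thread); SAMPLE_LDIF is constructed test data.
SAMPLE_LDIF = """\
dn: uid=new.user,ou=test,dc=domain, dc=com
objectClass: inetOrgPerson

dn: uid=old.user,ou=test,dc=domain,dc=com
objectClass: inetOrgPerson
objectClass: inetUser

dn: cn=admins,ou=test,dc=domain,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=new.user,ou=test,dc=domain,dc=com
uniqueMember: uid=old.user,ou=test,dc=domain,dc=com
"""

def norm_dn(dn):
    # Simplified DN comparison: ignores escaped commas inside RDN values.
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Parse plain LDIF (no base64 '::' values) into {normalized dn: attrs}."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def members_missing_class(entries, group_attr="uniqueMember", needed="inetUser"):
    """Return DNs listed in group_attr whose entry lacks the needed objectClass."""
    missing = []
    for attrs in entries.values():
        for member in attrs.get(group_attr.lower(), []):
            entry = entries.get(norm_dn(member))
            if entry is None or entry["dn"][0] in missing:
                continue  # not in this export, or already reported
            if needed.lower() not in {c.lower() for c in entry.get("objectclass", [])}:
                missing.append(entry["dn"][0])
    return missing

def to_modify_ldif(dns, needed="inetUser"):
    # ldapmodify input that adds the object class to each DN
    rec = "dn: {}\nchangetype: modify\nadd: objectClass\nobjectClass: {}\n"
    return "\n".join(rec.format(dn, needed) for dn in dns)
```

Pass the output of to_modify_ldif(members_missing_class(parse_ldif(export))) to ldapmodify, then rerun fixup-memberof.pl so memberOf is populated for existing memberships.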
