Re: Search memberOf
As I mentioned, memberOf is an operational attribute type, syntax is 'distinguishedName'. Are there any modifiable operational attributetypes in your sql database at all? Is rootDN able to write and modify attribute types?

-Dieter

On Thu, 9 Aug 2018 12:22:55 +0200, Arianna Milazzo wrote:

> I have a "member" table defined as:
> id (= id record) - gid (= group id) - pers_id (= person id)
>
> the other tables involved are "groups" table (gid - name - cn - dn)
> and persons (id - name - surname - .) [where id is the same as keyval
> in ldap_entries]
>
> 2018-08-08 19:20 GMT+02:00 Dieter Klünter :
>
> > On Wed, 8 Aug 2018 15:19:23 +0200, Arianna Milazzo wrote:
> >
> > > Ok, I understand that it isn't supported, but at the moment I
> > > can't try other solutions.
> > > And since that aside from that filter, the rest works, I don't
> > > want to give up like that.
> > >
> > > In fact if I look for the following values (then on the groups)
> > > Search base: cn=groupname,ou=group,dc=pigreco,dc=it
> > > Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it)
> > > I get if Name Surname is part of the groupname group
> > >
> > > If I search
> > > Search base: dc=pigreco,dc=it
> > > Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it)
> > > I get the list of which groups Name Surname belongs
> > >
> > > *But with this (then on the people)*
> > > Search base: dc=pigreco,dc=it
> > > Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
> > >
> > > *I have no result and in the log I read: get_ava: illegal value for
> > > attributeType memberof*
> >
> > please note that memberOf attributetype is defined as:
> >
> > ( 1.2.840.113556.1.2.102 "
> > "NAME 'memberOf' "
> > "DESC 'Group that the entry belongs to' "
> > "SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' "
> > "EQUALITY distinguishedNameMatch "
> > "USAGE dSAOperation "
> > "NO-USER-MODIFICATION "
> > )
> > do you have defined any table for this sort of operational
> > attributes.
> >
> > -Dieter
> >
> > --
> > Dieter Klünter | Systemberatung
> > http://sys4.de
> > GPG Key ID: E9ED159B
> > 53°37'09,95"N
> > 10°08'02,42"E

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
Re: Search memberOf
I have a "member" table defined as:
id (= id record) - gid (= group id) - pers_id (= person id)

the other tables involved are "groups" table (gid - name - cn - dn) and persons (id - name - surname - .) [where id is the same as keyval in ldap_entries]

2018-08-08 19:20 GMT+02:00 Dieter Klünter :

> On Wed, 8 Aug 2018 15:19:23 +0200, Arianna Milazzo wrote:
>
> > Ok, I understand that it isn't supported, but at the moment I can't
> > try other solutions.
> > And since that aside from that filter, the rest works, I don't want
> > to give up like that.
> >
> > In fact if I look for the following values (then on the groups)
> > Search base: cn=groupname,ou=group,dc=pigreco,dc=it
> > Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it)
> > I get if Name Surname is part of the groupname group
> >
> > If I search
> > Search base: dc=pigreco,dc=it
> > Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it)
> > I get the list of which groups Name Surname belongs
> >
> > *But with this (then on the people)*
> > Search base: dc=pigreco,dc=it
> > Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
> >
> > *I have no result and in the log I read: get_ava: illegal value for
> > attributeType memberof*
>
> please note that memberOf attributetype is defined as:
>
> ( 1.2.840.113556.1.2.102 "
> "NAME 'memberOf' "
> "DESC 'Group that the entry belongs to' "
> "SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' "
> "EQUALITY distinguishedNameMatch "
> "USAGE dSAOperation "
> "NO-USER-MODIFICATION "
> )
> do you have defined any table for this sort of operational attributes.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://sys4.de
> GPG Key ID: E9ED159B
> 53°37'09,95"N
> 10°08'02,42"E
Re: Unique overlay confusing
Hi there,

sorry for the reply,

On Wed, Aug 08, 2018 at 01:26:28PM +0200, Ervin Hegedüs wrote:
> Hi Michael,
>
> On Wed, Aug 08, 2018 at 12:51:53PM +0200, Michael Ströder wrote:
> > On 8/8/18 12:46 PM, Ervin Hegedüs wrote:
> > >On Wed, Aug 08, 2018 at 12:36:06PM +0200, Michael Ströder wrote:
> > >>*and*
> > >>re-index the DB?
> > >
> > >no. (never)
> >
> > Please check whether the search (mail=f...@example.com) really returns the
> > existing entries.
>
> # slapindex -n 1
> ...
>
> # ... modified the entry's mail to an existing one...
>
> # ldapsearch -vvv -x -H ldaps://dev-ldap-01:636 -b "dc=hu" -D "admin..." -w
> "mail=airw...@company.hu" | grep ^mail
> ldap_initialize( ldaps://dev-ldap-01:636/??base )
> Enter LDAP Password:
> filter: mail=airw...@company.hu
> requesting: All userApplication attributes
> mail: airw...@company.hu
> mail: airw...@company.hu
>
> (there are two entries)
>
> # ... rollback the modification ...
>
> # ldapsearch -vvv -x -H ldaps://dev-ldap-01:636 -b "dc=hu" -D "admin..." -w
> "mail=airw...@company.hu" | grep ^mail
> ldap_initialize( ldaps://dev-ldap-01:636/??base )
> Enter LDAP Password:
> filter: mail=airw...@company.hu
> requesting: All userApplication attributes
> mail: airw...@company.hu
>
> (there is only one entry)
>
>
> relevant output of 'slapcat -b cn=config':
>
> dn: cn=module{2},cn=config
> objectClass: olcModuleList
> cn: module{2}
> olcModulePath: /usr/lib/ldap/
> olcModuleLoad: {0}unique.la
> structuralObjectClass: olcModuleList
>
> ...
>
> dn: olcOverlay={1}unique,olcDatabase={1}mdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcUniqueConfig
> olcOverlay: {1}unique
> olcUniqueURI: ldap:///?uid?sub?
> olcUniqueURI: ldap:///?mail?sub?
> olcUniqueURI: ldap:///?uidNumber?sub?
> olcUniqueURI: ldap:///?sn?sub?
> olcUniqueURI: ldap:///?cn?sub?
> olcUniqueURI: ldaps:///?uid?sub?
> olcUniqueURI: ldaps:///?mail?sub?
> olcUniqueURI: ldaps:///?uidNumber?sub?
> olcUniqueURI: ldaps:///?sn?sub?
> olcUniqueURI: ldaps:///?cn?sub?
>
> ...
>
> dn: olcDatabase={1}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {1}mdb
> olcDbDirectory: /var/lib/ldap
> olcSuffix: dc=hu
> ...
> olcDbIndex: objectClass eq
> olcDbIndex: cn,uid eq
> olcDbIndex: uidNumber,gidNumber eq
> olcDbIndex: member,memberUid eq
> olcDbIndex: mail eq
> olcDbIndex: sn eq

any idea?

Thanks,

a.
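
An added example, not part of the thread and not OpenLDAP code: an offline check over `slapcat`-style LDIF that lists values held by more than one entry for the attributes named in `olcUniqueURI` lines like those quoted above. The function names, the sample entries and the case-insensitive comparison are assumptions made here; the server compares values with each attribute's own equality matching rule.

```python
import base64
from collections import defaultdict

def unique_attrs(uris):
    """Attribute names from olcUniqueURI values such as 'ldap:///?mail?sub?'."""
    attrs = set()
    for uri in uris:
        parts = uri.split("?")               # [scheme+base, attrs, scope, filter]
        if len(parts) > 1:
            attrs.update(a.strip().lower() for a in parts[1].split(",") if a.strip())
    return attrs

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] from slapcat-style LDIF."""
    entries, cur = [], None
    for line in text.replace("\n ", "").splitlines():   # unfold continuation lines
        if not line.strip():
            cur = None                        # a blank line ends the entry
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # 'attr:: <base64 value>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            cur = (value, defaultdict(list))
            entries.append(cur)
        elif cur is not None:
            cur[1][name.lower()].append(value)
    return entries

def find_duplicates(entries, attrs):
    """Map (attr, lowercased value) -> DNs, for values held by more than one entry."""
    holders = defaultdict(set)
    for dn, values in entries:
        for attr in attrs:
            for v in values.get(attr, []):
                holders[(attr, v.lower())].add(dn)
    return {k: sorted(dns) for k, dns in holders.items() if len(dns) > 1}

# Constructed sample data (not from the thread); dc=hu is the suffix shown above.
URIS = ["ldap:///?uid?sub?", "ldap:///?mail?sub?"]
B64 = base64.b64encode(b"Shared@example.com").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=hu\nuid: alice\nmail: shared@example.com\n\n"
    "dn: uid=bob,ou=people,dc=hu\nuid: bob\nmail:: " + B64 + "\n\n"
    "dn: uid=carol,ou=people,dc=hu\nuid: carol\nmail: carol@example.com\n"
)

if __name__ == "__main__":
    dups = find_duplicates(parse_ldif(SAMPLE_LDIF), unique_attrs(URIS))
    for (attr, value), dns in dups.items():
        print(attr, value, dns)
```
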