Re: Search memberOf

2018-08-09 Thread Dieter Klünter
As I mentioned, memberOf is an operational attribute type, syntax is
'distinguishedName'.
Are there any modifiable operational attribute types in your SQL
database at all? Is rootDN able to write and modify attribute types?

-Dieter

On Thu, 9 Aug 2018 12:22:55 +0200
Arianna Milazzo wrote:

> I have a "member" table defined as:
> id (= id record) - gid (= group id) - pers_id (= person id)
> 
> the other tables involved are the "groups" table (gid - name - cn - dn)
> and persons (id - name - surname - .) [where id is the same as keyval
> in ldap_entries]
> 
> 
> 
> 2018-08-08 19:20 GMT+02:00 Dieter Klünter :
> 
> > On Wed, 8 Aug 2018 15:19:23 +0200
> > Arianna Milazzo wrote:
> >  
> > > Ok, I understand that it isn't supported, but at the moment I
> > > can't try other solutions.
> > > And since, aside from that filter, the rest works, I don't
> > > want to give up like that.
> > >
> > > In fact if I look for the following values (then on the groups)
> > > Search base: cn=groupname,ou=group,dc=pigreco,dc=it
> > > Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it)
> > > I get if Name Surname is part of the groupname group
> > >
> > > If I search
> > > Search base: dc=pigreco,dc=it
> > > Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it)
> > > I get the list of which groups Name Surname belongs to
> > >
> > > *But with this (then on the people)*
> > > Search base: dc=pigreco,dc=it
> > > Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
> > >
> > >
> > > *I have no result and in the log I read: get_ava: illegal value for
> > > attributeType memberof*
> >
> > Please note that the memberOf attributetype is defined as:
> >
> > ( 1.2.840.113556.1.2.102 "
> > "NAME 'memberOf' "
> > "DESC 'Group that the entry belongs to' "
> > "SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' "
> > "EQUALITY distinguishedNameMatch "
> > "USAGE dSAOperation "
> > "NO-USER-MODIFICATION "
> > )
> > Do you have any table defined for this sort of operational
> > attributes?
> >
> > -Dieter
> >
> > --
> > Dieter Klünter | Systemberatung
> > http://sys4.de
> > GPG Key ID: E9ED159B
> > 53°37'09,95"N
> > 10°08'02,42"E
> >
> >  



-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E



Re: Search memberOf

2018-08-09 Thread Arianna Milazzo
I have a "member" table defined as:
id (= id record) - gid (= group id) - pers_id (= person id)

the other tables involved are the "groups" table (gid - name - cn - dn)
and persons (id - name - surname - .) [where id is the same as keyval in
ldap_entries]



2018-08-08 19:20 GMT+02:00 Dieter Klünter :

> On Wed, 8 Aug 2018 15:19:23 +0200
> Arianna Milazzo wrote:
>
> > Ok, I understand that it isn't supported, but at the moment I can't
> > try other solutions.
> > And since, aside from that filter, the rest works, I don't want
> > to give up like that.
> >
> > In fact if I look for the following values (then on the groups)
> > Search base: cn=groupname,ou=group,dc=pigreco,dc=it
> > Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it)
> > I get if Name Surname is part of the groupname group
> >
> > If I search
> > Search base: dc=pigreco,dc=it
> > Filter: (member=cn=Name Surname,ou=people,dc=pigreco,dc=it)
> > I get the list of which groups Name Surname belongs to
> >
> > *But with this (then on the people)*
> > Search base: dc=pigreco,dc=it
> > Filter: (memberOf=cn=groupname,ou=group,dc=pigreco,dc=it)
> >
> >
> > *I have no result and in the log I read: get_ava: illegal value for
> > attributeType memberof*
>
> Please note that the memberOf attributetype is defined as:
>
> ( 1.2.840.113556.1.2.102 "
> "NAME 'memberOf' "
> "DESC 'Group that the entry belongs to' "
> "SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' "
> "EQUALITY distinguishedNameMatch "
> "USAGE dSAOperation "
> "NO-USER-MODIFICATION "
> )
> Do you have any table defined for this sort of operational attributes?
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://sys4.de
> GPG Key ID: E9ED159B
> 53°37'09,95"N
> 10°08'02,42"E
>
>


Re: Unique overlay confusing

2018-08-09 Thread Ervin Hegedüs
Hi there,

sorry for the reply,

On Wed, Aug 08, 2018 at 01:26:28PM +0200, Ervin Hegedüs wrote:
> Hi Michael,
> 
> On Wed, Aug 08, 2018 at 12:51:53PM +0200, Michael Ströder wrote:
> > On 8/8/18 12:46 PM, Ervin Hegedüs wrote:
> > >On Wed, Aug 08, 2018 at 12:36:06PM +0200, Michael Ströder wrote:
> > >>*and*
> > >>re-index the DB?
> > >
> > >no. (never)
> > 
> > Please check whether the search (mail=f...@example.com) really returns the
> > existing entries.
> 
> # slapindex -n 1
> ...
> 
> # ... modified the entry's mail to an existing one...
> 
> # ldapsearch -vvv -x -H ldaps://dev-ldap-01:636 -b "dc=hu" -D "admin..." -w 
> "mail=airw...@company.hu" | grep ^mail
> ldap_initialize( ldaps://dev-ldap-01:636/??base )
> Enter LDAP Password: 
> filter: mail=airw...@company.hu
> requesting: All userApplication attributes
> mail: airw...@company.hu
> mail: airw...@company.hu
> 
> (there are two entries)
> 
> # ... rollback the modification ...
> 
> # ldapsearch -vvv -x -H ldaps://dev-ldap-01:636 -b "dc=hu" -D "admin..." -w 
> "mail=airw...@company.hu" | grep ^mail
> ldap_initialize( ldaps://dev-ldap-01:636/??base )
> Enter LDAP Password: 
> filter: mail=airw...@company.hu
> requesting: All userApplication attributes
> mail: airw...@company.hu
> 
> (there is only one entry)
> 
> 
> relevant output of 'slapcat -b cn=config':
> 
> dn: cn=module{2},cn=config
> objectClass: olcModuleList
> cn: module{2}
> olcModulePath: /usr/lib/ldap/
> olcModuleLoad: {0}unique.la
> structuralObjectClass: olcModuleList
> 
> ...
> 
> dn: olcOverlay={1}unique,olcDatabase={1}mdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcUniqueConfig
> olcOverlay: {1}unique
> olcUniqueURI: ldap:///?uid?sub?
> olcUniqueURI: ldap:///?mail?sub?
> olcUniqueURI: ldap:///?uidNumber?sub?
> olcUniqueURI: ldap:///?sn?sub?
> olcUniqueURI: ldap:///?cn?sub?
> olcUniqueURI: ldaps:///?uid?sub?
> olcUniqueURI: ldaps:///?mail?sub?
> olcUniqueURI: ldaps:///?uidNumber?sub?
> olcUniqueURI: ldaps:///?sn?sub?
> olcUniqueURI: ldaps:///?cn?sub?
> 
> ...
> 
> dn: olcDatabase={1}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {1}mdb
> olcDbDirectory: /var/lib/ldap
> olcSuffix: dc=hu
> ...
> olcDbIndex: objectClass eq
> olcDbIndex: cn,uid eq
> olcDbIndex: uidNumber,gidNumber eq
> olcDbIndex: member,memberUid eq
> olcDbIndex: mail eq
> olcDbIndex: sn eq
> 


any idea?


Thanks,

a.
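
An offline check for the symptom shown in this thread (two entries holding the same mail value although the unique overlay is configured), added here as an example and not posted by anyone in the thread: it parses an LDIF export such as slapcat output and lists values of the attributes named in the olcUniqueURI lines that occur in more than one entry. The sample LDIF, its DNs and its addresses are constructed.

```python
import base64
from collections import defaultdict

# Attributes named in the olcUniqueURI values quoted above.
UNIQUE_ATTRS = ("uid", "mail", "uidNumber", "sn", "cn")

# Constructed sample: a base64-encoded value and a folded line are included.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=hu
uid: alice
mail: shared@example.com

dn: uid=bob,ou=people,dc=hu
uid: bob
mail:: U2hhcmVkQGV4YW1wbGUuY29t

dn: uid=carol,ou=people,dc=hu
uid: carol
mail: carol@exam
 ple.com
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) for each entry in LDIF text."""
    # Unfold continuation lines (newline followed by one space) first.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.split("\n"):
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn is not None:
            yield dn, attrs

def find_duplicates(ldif_text, unique_attrs=UNIQUE_ATTRS):
    """Return {(attr, lowercased value): [dn, ...]} for values in >1 entry."""
    owners = defaultdict(list)
    for dn, attrs in parse_ldif(ldif_text):
        for attr in unique_attrs:
            for norm in {v.lower() for v in attrs.get(attr.lower(), [])}:
                owners[(attr, norm)].append(dn)
    return {k: dns for k, dns in owners.items() if len(dns) > 1}
```

Values are compared case-insensitively, so `Shared@example.com` and `shared@example.com` count as the same mail value.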