On Fri, 11 Apr 2014 15:47:34 +1000,
Fred Snilees fredsnil...@gmail.com wrote:
Hi,
I am trying to get the slapo-rwm module working in a cn=config setup.
I have openldap with a local DB and an ldap database backing onto an MS
AD DB.
I am trying to rewrite objectclass group to groupOfUniqueNames.
When retrieving large group memberships from AD you must use Microsoft's
implementation of ranging. When the group membership exceeds the limit
established in the domain controller (usually 1500 users) AD returns an empty
result set in the member attribute and then adds a new attribute
Sankar P wrote:
The group whose SID that I am trying to take is the default Domain
Users group. The ldapsearch query too fails for that but for any
other custom groups, the membership information is printed. So is
there a different style that we should follow for getting the Domain
Users
Domain Users is not necessarily a primary group. Any group can be the primary
group for a user. Primary group membership is stored as an attribute of the
user and is not reflected in the member collection for a group or the memberOf
collection for the user. Primary groups are a Windows NT
Couple of quick corrections.
Primary Groups are in Windows for UNIX/POSIX type use; it had nothing to do
with hybrid NT/AD domains. Neither Windows nor Windows NT really cared about
that value; in 99%+ of the Windows environments that I have seen (literally
thousands) the primarygroup ID is Domain Users with
Hi,
Sorry, work in progress.
This is the LDIF file I use to try and add rwm for an LDAP-backed DB:
dn: olcOverlay=rwm,olcDatabase={1}ldap,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcRwmConfig
olcOverlay: rwm
olcRwmRewrite: rwm-rewriteEngine on
olcRwmMap: {1}objectClass
Did some more testing.
Before I enable RWM I can do this:
ldapsearch -h ldap1 -D cn=god,DC=snilees,DC=com -x -w XXX -b dc=snilees,dc=com '(|((objectclass=groupOfUniqueNames)(o=fd))(cn=All Staff))' member
and I can see all the members of the group
after I add the RWM and run the same