Jorge,
Not using posixGroup is a bug indeed, in my opinion, but the memberOf
attribute should still be used unless you configured something for that as
well.

On Fri, Nov 12, 2021 at 6:42 PM Jorge Luiz Correa
<jorge.l.cor...@embrapa.br.invalid> wrote:

> Hi! In my tests I couldn't use posixGroups, even changing the
> ldap.group.object configuration. The query is always in the format:
>
>
> (&(objectClass=inetOrgPerson)(uid=userone)(|(memberOf=cn=groupaccount1,ou=groups,dc=domain)))
>
> Looking for the memberOf attribute in the user entity is the problem. I'm
> using inetOrgPerson and no memberOf attribute exists. The only way I found
> to make this configuration work was to enable the RFC2307bis schema
> (replacing NIS schema), so my groups could be made of type posixGroup AND
> groupOfNames. This RFC permits that groups can be of these two types. Then,
> I had to enable the LDAP "overlay module" with member: attribute to keep
> referential integrity between groups and users. Groups now have the member:
> attribute synchronized with users' memberOf: attribute.
>
> With these changes my LDAP server can answer queries with memberOf=
> filters.
>
> For CloudStack to work with posixGroups, I think the code should make different
> queries when the administrator configures ldap.group.object: posixGroup,
> not using memberOf.
>
> Thank you!
> :)
>


-- 
Daan
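
The two lookup styles discussed in this thread, as an added example that is not CloudStack code and not from either poster: the memberOf filter quoted above next to a memberUid query against the posixGroup entry, run over a constructed RFC 2307 directory. Function names and directory entries are assumptions made for illustration.

```python
# Added example. Function names and the directory entries are constructed.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter_memberof(uid, group_dns, user_class="inetOrgPerson"):
    """Filter shape quoted in the thread: membership is read from the user entry."""
    groups = "".join("(memberOf=%s)" % escape_filter_value(dn) for dn in group_dns)
    return "(&(objectClass=%s)(uid=%s)(|%s))" % (
        user_class, escape_filter_value(uid), groups)

def group_filter_memberuid(uid, group_cn):
    """posixGroup alternative: membership is read from the group entry."""
    return "(&(objectClass=posixGroup)(cn=%s)(memberUid=%s))" % (
        escape_filter_value(group_cn), escape_filter_value(uid))

# Constructed directory using the NIS (RFC 2307) schema: membership lives only
# on the group as memberUid, and the user entry carries no memberOf attribute.
USERS = {"userone": {"objectClass": ["inetOrgPerson"], "uid": ["userone"]}}
GROUPS = {
    "cn=groupaccount1,ou=groups,dc=domain": {
        "objectClass": ["posixGroup"],
        "cn": ["groupaccount1"],
        "memberUid": ["userone"],
    }
}

def member_by_memberof(uid, group_dns):
    """Mirrors the memberOf filter: true only if the user entry lists the group DN."""
    member_of = USERS.get(uid, {}).get("memberOf", [])
    return any(dn in member_of for dn in group_dns)

def member_by_memberuid(uid, group_dns):
    """Mirrors the memberUid filter: true if a listed group names the uid."""
    return any(uid in GROUPS.get(dn, {}).get("memberUid", []) for dn in group_dns)

if __name__ == "__main__":
    dn = "cn=groupaccount1,ou=groups,dc=domain"
    print(user_filter_memberof("userone", [dn]))
    print(group_filter_memberuid("userone", "groupaccount1"))
    print(member_by_memberof("userone", [dn]), member_by_memberuid("userone", [dn]))
```

Escaping the uid and group values keeps a login name containing `*`, `(` or `)` from changing the shape of the filter.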
