On 10/22/2015 08:15 PM, Naveen Gangam wrote:
> Hi Emmauel,
> Thanks for the info.
>
> I am not certain with what the most reliable attribute name is across all
> LDAP implementations but I thought it was "dn" until I saw some Active
> Directory DIT's, dn was not used at all. It was "distinguishedName"
> instead.
>
> Hive's Atn provider performs ldap searches for groups/users based on object
> class but only retrieves the "distinguishedName" from the matching ldap
> entries (to save bandwidth in retrieving all the attribute values for
> matching ldap entries).
>
> But in your opinion, is attribute "dn" more of a standard?

The "dn" is always the first line in an LDIF record, however it is not an attribute but it's the entry's name. If you only want to retrieve the dn of an entry without any attribute you can set the list of returned attributes to "1.1", then only the dn is retrieved. Don't deal with "dn" or "distinguishedName" attribute.

> Also how do I define Groups and assign users to groups with ApacheDS?
> memberOf does not seem to work.
>
> "dn: cn=user2,ou=People,dc=example,dc=com",
> "objectClass: inetOrgPerson",
> "objectClass: person",
> "objectClass: top",
> "givenName: Test2",
> "cn: Test User2",
> "sn: user2",
> "uid: user2",
> "userPassword: user2",
> "memberOf: cn=group2,ou=groups,dc=example,dc=com"

ApacheDS does not support memberOf attribute. You have to do it the other way around: Create a group object and add the user's dn as "member" there. Like this (untested):

dn: cn=group2,ou=groups,dc=example,dc=com
objectclass: groupOfNames
objectclass: top
cn: group2
member: cn=user2,ou=People,dc=example,dc=com

Kind Regards,
Stefan
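Added example, not part of the original message and not Hive or ApacheDS code: the reverse group lookup described above, built as a search that requests "1.1" and filters on `member`, with the user DN escaped per RFC 4515 so it cannot change the filter. The function names, the `group3` entry and the simplified DN comparison are assumptions made for this illustration; the search is evaluated against an inline LDIF instead of a live server.

```python
# Constructed sample: entries from the thread plus a made-up group3 for contrast.
SAMPLE_LDIF = """\
dn: cn=user2,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Test User2
sn: user2

dn: cn=group2,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: group2
member: cn=user2,ou=People,dc=example,dc=com

dn: cn=group3,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: group3
member: cn=other,ou=People,dc=example,dc=com
"""

def parse_ldif(text):
    """Return {dn: {attr_lower: [values]}}; the dn is the entry name, not an attribute."""
    entries = {}
    for record in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in record.splitlines():
            name, _, value = line.partition(": ")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        entries[dn] = attrs
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping of \\ * ( ) and NUL in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_search_request(user_dn, base="ou=groups,dc=example,dc=com"):
    """Search parameters a client would send; "1.1" means: return no attributes."""
    flt = "(&(objectClass=groupOfNames)(member=%s))" % escape_filter_value(user_dn)
    return {"base": base, "filter": flt, "attributes": ["1.1"]}

def groups_of(entries, user_dn):
    """Local stand-in for the server side: DNs of groups listing user_dn as member."""
    # Simplified DN match (case and spacing only); assumes no escaped commas.
    norm = lambda dn: ",".join(p.strip().lower() for p in dn.split(","))
    return [dn for dn, a in entries.items()
            if "groupofnames" in [v.lower() for v in a.get("objectclass", [])]
            and norm(user_dn) in [norm(m) for m in a.get("member", [])]]
```
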