Description
The slapo-memberof(5) man page (http://www.openldap.org/software/man.cgi?query=slapo-memberof&sektion=5&apropos=0&manpath=OpenLDAP+2.4-Release) for OpenLDAP 2.4 states defaults used for memberof-group-oc (groupOfNames), memberof-member-ad (member) and memberof-memberof-ad (memberOf).
While it's good that the docker image defaults with the module enabled, and the refint module also enabled for referential integrity (which is FALSE by default), changing the olcMemberOfGroupOC and olcMemberOfMemberAD values to something else means anyone attempting to do the default for the OpenLDAP 2.4 package needs to provide a custom ldif to put the functionality back the way it was.
So far, my attempts to use the following have been met with failure:
```ldif
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcMemberOfGroupOC
olcMemberOfGroupOC: groupOfNames
-
replace: olcMemberOfMemberAD
olcMemberOfMemberAD: member
```
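As an added example (not part of this report and not code from the OpenLDAP project or the docker image), the script below reads the overlay's cn=config entry as ldapsearch would export it, compares olcMemberOfGroupOC, olcMemberOfMemberAD and olcMemberOfMemberOfAD with the slapo-memberof(5) defaults, reports whether olcMemberOfRefInt is on, and prints the ldapmodify LDIF that would restore the defaults. The sample entry is constructed; the non-default values in it (groupOfUniqueNames, uniqueMember) are assumptions, not values taken from the image.

```python
"""Check a memberof overlay entry against the slapo-memberof(5) defaults
and emit the LDIF needed to restore them. Added example, not project code."""
import base64

# Defaults stated in slapo-memberof(5) for OpenLDAP 2.4.
MEMBEROF_DEFAULTS = {
    "olcMemberOfGroupOC": "groupOfNames",
    "olcMemberOfMemberAD": "member",
    "olcMemberOfMemberOfAD": "memberOf",
}

# Constructed sample of what `ldapsearch -b cn=config olcOverlay=*memberof*`
# might return; groupOfUniqueNames/uniqueMember are assumed, not real image values.
SAMPLE_LDIF = """\
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
olcMemberOfDangling:: aWdub3Jl
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfUnique
 Names
olcMemberOfMemberAD: uniqueMember
olcMemberOfMemberOfAD: memberOf
"""


def parse_ldif_entry(text):
    """Parse the first LDIF entry in `text` into {attr: [values]}.

    Handles folded continuation lines (leading space) and base64 values
    ('attr:: ...'); a blank line terminates the entry.
    """
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            if lines:
                break  # blank line ends the entry
            continue
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # unfold a continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name, []).append(value)
    return entry


def memberof_drift(entry, defaults=MEMBEROF_DEFAULTS):
    """Return {attr: (current, default)} for each setting that differs from
    the man-page default. A missing attribute means the default applies.
    Attribute and objectClass names are case-insensitive in LDAP."""
    drift = {}
    for attr, default in defaults.items():
        current = entry.get(attr, [default])[0]
        if current.lower() != default.lower():
            drift[attr] = (current, default)
    return drift


def refint_enabled(entry):
    """True if olcMemberOfRefInt is TRUE (man-page default is FALSE)."""
    return entry.get("olcMemberOfRefInt", ["FALSE"])[0].upper() == "TRUE"


def restore_ldif(entry, drift):
    """Build an ldapmodify(1) LDIF resetting every drifted attribute."""
    if not drift:
        return ""
    out = ["dn: " + entry["dn"][0], "changetype: modify"]
    for i, (attr, (_current, default)) in enumerate(drift.items()):
        if i:
            out.append("-")  # separator between modifications
        out += ["replace: " + attr, attr + ": " + default]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    drift = memberof_drift(entry)
    print("refint enabled:", refint_enabled(entry))
    for attr, (current, default) in drift.items():
        print(f"{attr}: {current} (default {default})")
    print(restore_ldif(entry, drift))
```

Pipe the output into `ldapmodify -Y EXTERNAL -H ldapi:///` only after reviewing it; the overlay's group class and member attribute must match the groups actually present in the directory, or memberOf will stop being maintained for them, which matters wherever memberOf feeds authorization decisions.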
Here are my logs with debugging turned up, starting just after it has been established that access is allowed:
```
source-ldap | 59911f0d slap_queue_csn: queueing 0x7ff958002630 20170814035453.414143Z#000000#000#000000
source-ldap | 59911f0d oc_check_required entry (olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config), objectClass "olcMemberOf"
source-ldap | 59911f0d oc_check_allowed type "objectClass"
source-ldap | 59911f0d oc_check_allowed type "olcOverlay"
source-ldap | 59911f0d oc_check_allowed type "olcMemberOfDangling"
source-ldap | 59911f0d oc_check_allowed type "olcMemberOfRefInt"
source-ldap | 59911f0d oc_check_allowed type "olcMemberOfMemberOfAD"
source-ldap | 59911f0d oc_check_allowed type "structuralObjectClass"
source-ldap | 59911f0d oc_check_allowed type "entryUUID"
source-ldap | 59911f0d oc_check_allowed type "creatorsName"
source-ldap | 59911f0d oc_check_allowed type "createTimestamp"
source-ldap | 59911f0d oc_check_allowed type "olcMemberOfGroupOC"
source-ldap | 59911f0d oc_check_allowed type "olcMemberOfMemberAD"
source-ldap | 59911f0d oc_check_allowed type "entryCSN"
source-ldap | 59911f0d oc_check_allowed type "modifiersName"
source-ldap | 59911f0d oc_check_allowed type "modifyTimestamp"
source-ldap | 59911f0d send_ldap_result: conn=1025 op=1 p=3
source-ldap | 59911f0d send_ldap_result: err=80 matched="" text=""
source-ldap | 59911f0d send_ldap_response: msgid=2 tag=103 err=80
source-ldap | ber_flush2: 14 bytes to sd 16
source-ldap | 0000: 30 0c 02 01 02 67 07 0a 01 50 04 00 04 00 0....g...P....
source-ldap | ldap_write: want=14, written=14
source-ldap | 0000: 30 0c 02 01 02 67 07 0a 01 50 04 00 04 00 0....g...P....
source-ldap | 59911f0d conn=1025 op=1 RESULT tag=103 err=80 text=
source-ldap | 59911f0d slap_graduate_commit_csn: removing 0x7ff958002630 20170814035453.414143Z#000000#000#000000
```