View Full Version : LDAP memberOf (cn=config) Howto?



andreas9992
28-Sep-2011, 15:46
I am using SLES 11 with LDAP for our Samba PDC. We have mainly been
using YaST for the LDAP configuration.
But now we want to add the attribute memberOf because we need this to
have our Cisco ASA5505 get users and groups from our LDAP.
I have found plenty of documentation on how to do this with the old
slapd.conf.
The problem is that our LDAP doesn't use slapd.conf; instead it stores
the config in the LDAP itself (cn=config).

I can't seem to figure out how this works. I can't even get an
LDAP browser to see the config in our LDAP itself.
So how can this be done?


--
andreas9992
------------------------------------------------------------------------
andreas9992's Profile: http://forums.novell.com/member.php?userid=117386
View this thread: http://forums.novell.com/showthread.php?t=445695

jmozdzen
29-Sep-2011, 15:46
Hi Andreas,

getting the LDAP browser to see the config tree should be fairly easy:
With a typical configuration (e.g. if you see a directory
"/etc/openldap/slapd.d/cn=config"), use basedn "cn=config" and the
credentials set in the (olcDatabase=config) database (see attributes
"olcRootDN" and "olcRootPW" in
"/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif" or
similar).

Regards,
Jens


--
from the times when today's "old school" was "new school" :eek:
------------------------------------------------------------------------
jmozdzen's Profile: http://forums.novell.com/member.php?userid=32246
View this thread: http://forums.novell.com/showthread.php?t=445695

MoserHans
29-Sep-2011, 16:16
'OpenLDAP Software 2.4 Administrator's Guide: Configuring slapd'
(http://www.openldap.org/doc/admin24/slapdconf2.html)


--
MoserHans
------------------------------------------------------------------------
MoserHans's Profile: http://forums.novell.com/member.php?userid=53101
View this thread: http://forums.novell.com/showthread.php?t=445695

sirhalstead
21-Oct-2011, 23:46
I added the memberOf overlay on openSUSE 11.4 by creating these files
and directories in /etc/openldap/slapd.d

FILE: cn\=config/cn\=module\{0\}.ldif

Code:
--------------------
# Module list entry: where slapd finds loadable modules, and which one to load
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulepath: /usr/lib/openldap/modules
olcModuleload: {0}memberof.la
structuralObjectClass: olcModuleList
--------------------


FILE: cn\=config/olcDatabase\=\{1\}bdb/olcOverlay\=\{0\}memberof.ldif

Code:
--------------------
# Overlay entry: attaches memberof to the {1}bdb database it is stored under
dn: olcOverlay={0}memberof
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {0}memberof
structuralObjectClass: olcMemberOf
--------------------


Once in place you need to restart slapd (/etc/init.d/ldap restart) and
then you must remove all members from your groupOfNames and re-add them
to create the association.


--
sirhalstead
------------------------------------------------------------------------
sirhalstead's Profile: http://forums.novell.com/member.php?userid=118589
View this thread: http://forums.novell.com/showthread.php?t=445695
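
The same two entries can also be added through LDAP itself, binding to cn=config with the olcRootDN credentials mentioned earlier in the thread, instead of creating files under slapd.d. This is an added example, not code from any of the posters; the database DN and module path are taken from the posts above, while `CONFIG_ROOTDN`, the `ldap://localhost` URI and the function names are assumptions to adapt.

```shell
#!/bin/sh
# Added example: enable the memberof overlay via ldapadd against cn=config.
# Assumed values; adjust to your server.
DB_DN='olcDatabase={1}bdb,cn=config'      # database named in the post above
MODULE_PATH='/usr/lib/openldap/modules'   # module path from the post above
CONFIG_ROOTDN='cn=config'                 # placeholder: your olcRootDN value

# Print the two cn=config entries: the module list, then the overlay.
# No {N} index is given; slapd assigns the next free one on add.
memberof_config_ldif() {
    db_dn=$1
    module_path=$2
    cat <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $module_path
olcModuleLoad: memberof.la

dn: olcOverlay=memberof,$db_dn
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
EOF
}

# Send the entries to the running slapd; -W prompts for the olcRootPW password.
apply_memberof() {
    memberof_config_ldif "$DB_DN" "$MODULE_PATH" |
        ldapadd -x -H ldap://localhost -D "$CONFIG_ROOTDN" -W
}

# memberOf is an operational attribute, so it is only returned when it is
# requested by name. $1 = user DN, remaining args = bind options for ldapsearch.
check_memberof() {
    user_dn=$1
    shift
    ldapsearch -x -LLL "$@" -b "$user_dn" -s base '(objectClass=*)' memberOf
}

case "${1:-}" in
    --print) memberof_config_ldif "$DB_DN" "$MODULE_PATH" ;;
    --apply) apply_memberof ;;
    --check) shift; check_memberof "$@" ;;
esac
```

Run it with `--print` first to review the LDIF, then `--apply`. Existing groups still need their members rewritten as described above before `--check` shows any memberOf values.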