Symas OpenLDAP Knowledge Base

Replace slapo memberOf with slapo dyngroup

Add new schema files (Symas OpenLDAP versions below 2.4.45)

Add: “/opt/symas/etc/openldap/schema/memberof.schema”

attributetype ( 1.2.840.113556.1.2.102
        NAME 'memberOf'
        DESC 'Group that the entry belongs to'
        EQUALITY distinguishedNameMatch
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.12'
        )

Add: “/opt/symas/etc/openldap/schema/dyngroup-memberof.schema”

objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
        NAME 'memberOfOC'
        SUP top
        AUXILIARY
        MUST ( memberOf )
        )

objectClass ( NetscapeLDAPobjectClass:33
    NAME 'groupOfURLs'
    SUP top AUXILIARY
    MUST cn
    MAY ( memberURL $ businessCategory $ description $ o $ ou $
    owner $ seeAlso ) 
    )

Example configuration

Note: Remove the memberOf module load and memberOf overlay configurations.

....
include "/opt/symas/etc/openldap/schema/memberof.schema"
include "/opt/symas/etc/openldap/schema/dyngroup-memberof.schema"
....
moduleload      dynlist.la
....

database mdb
....
index memberOf
...

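overlay dynlist
# The third argument names the attribute that receives the DNs of the
# entries returned by the memberURL search (here, the user's groups).
dynlist-attrset groupOfURLs memberURL memberOf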

User Creation

All user entries must have “groupOfURLs” as an objectClass and must have a memberURL attribute in the following format:

memberURL: ldap:///<suffix>??sub?(member=<user DN>)

Example:

dn: cn=Marice McCaugherty,ou=Product Testing,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: groupOfURLs
memberURL: ldap:///dc=example,dc=com??sub?(member=cn=Marice McCaugherty,ou=Product Testing,dc=example,dc=com)
memberOf: cn=testgroup,ou=Group,dc=example,dc=com
memberOf: cn=alttestgroup,ou=Group,dc=example,dc=com
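
The memberURL format above embeds the user DN inside an LDAP search filter, so a DN containing filter metacharacters such as parentheses, "*" or a backslash has to be escaped (RFC 4515) before it is placed in the URL. The following is an added example, not part of the original article or of Symas' tooling: it builds memberURL values in the page's format and flags stored values that do not match the entry's own DN. The function names and the sample DNs other than the page's own are constructed for illustration, and leaving spaces unencoded is an assumption made to match the page's example.

```python
from urllib.parse import quote

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Kept literal so the output matches the page's memberURL format (spaces
# included). Everything else that is not an RFC 3986 unreserved character,
# including "?", "%" and the backslash, is percent-encoded.
_URL_SAFE = "=,+() "


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def member_url(suffix, user_dn):
    """Build ldap:///<suffix>??sub?(member=<user DN>) with the DN escaped."""
    flt = "(member=" + escape_filter_value(user_dn) + ")"
    return "ldap:///" + quote(suffix, safe=_URL_SAFE) + "??sub?" + quote(flt, safe=_URL_SAFE)


def mismatched_urls(suffix, entry_dn, member_urls):
    """Return stored memberURL values that differ from the expected one."""
    expected = member_url(suffix, entry_dn)
    return [u for u in member_urls if u != expected]


if __name__ == "__main__":
    suffix = "dc=example,dc=com"
    # First DN is the page's example; the others are constructed samples.
    sample_dns = [
        "cn=Marice McCaugherty,ou=Product Testing,dc=example,dc=com",
        "cn=Ops (EU),ou=Group Admins,dc=example,dc=com",
        "cn=Smith\\, John,ou=People,dc=example,dc=com",
    ]
    for dn in sample_dns:
        print("dn:", dn)
        print("memberURL:", member_url(suffix, dn))
        print()
    # Constructed stored value built by plain string concatenation: the
    # unescaped parentheses leave the filter malformed, so it is reported.
    naive = "ldap:///" + suffix + "??sub?(member=" + sample_dns[1] + ")"
    print("mismatched:", mismatched_urls(suffix, sample_dns[1], [naive]))
```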