I'm using CentOS 6.x 64 bit version and I'm trying to set the memberof attributes for the memberof overlay in openldap, but it doesn't appear to be working. I'm sure it's something I'm doing, but I haven't found out why.

A snippet from my backup ldif looks like this:

dn: dc=two,dc=example,dc=com
description: Example.Com, your trusted non-existent corporation.
dc: two
o: Two.Example.Com
objectClass: top
objectClass: dcObject
objectClass: organization
structuralObjectClass: organization
entryUUID: db07fc76-375c-1034-9316-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.520657Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: ou=Users,dc=two,dc=example,dc=com
ou: Users
description: Two.Example.Com Users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: db0fb5ba-375c-1034-9317-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.571271Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: ou=Groups,dc=two,dc=example,dc=com
ou: Groups
description: Two.Example.Com Groups
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: db13850a-375c-1034-9318-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.596246Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: ou=System,dc=two,dc=example,dc=com
ou: System
description: Special accounts usedd by software applications.
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: db161c5c-375c-1034-9319-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.613008Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: uid=matt2,ou=Users,dc=two,dc=example,dc=com
ou: Users
cn: Matt2 Butcher
sn: Butcher
givenName: Matt2
givenName: Matthew2
displayName: Matt2 Butcher
title: Systems Integrator
description: Systems Integration and IT for Example.Com
employeeType: Employee
departmentNumber: 001
employeeNumber: 001-08-98
mail: mbutcher2@ two.example.com
mail: matt2@ two.example.com
roomNumber: 301
telephoneNumber: + 1 555 555 4321
mobile: + 1 555 555 6789
st: Illinois
l: Chicago
street: 1234 Cicero Ave.
homePhone: + 1 555 555 9876
homePostalAddress: 1234 home street $ Chicago, IL $ 60699-1234
preferredLanguage: en-us, en-gb
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
uid: matt2
entryUUID: db1758d8-375c-1034-931a-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
userPassword:: c2VjcmV0Mg==
entryCSN: 20150212215925.305826Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150212215925Z

dn: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
ou: Users
uid: barbara2
sn: Jensen
cn: Barbara2 Jensen
givenName: Barbara
displayName: Barbara2 Jensen
mail: barbara@ two.example.com
userPassword:: c2VjcmV0Mg==
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: db1b2904-375c-1034-931b-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.646304Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: cn=LDAP Admins,ou=Groups,dc=two,dc=example,dc=com
cn: LDAP Admins
ou: Groups
description: Users who are LDAP administrators
uniqueMember: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
uniqueMember: uid=matt2,ou=Users,dc=two,dc=example,dc=com
objectClass: groupOfUniqueNames
structuralObjectClass: groupOfUniqueNames
entryUUID: db1c6a26-375c-1034-931c-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150212205145.765939Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150212205145Z

dn: uid=authenticate,ou=System,dc=two,dc=example,dc=com
uid: authenticate
ou: System
description: Special account for authenticating users
userPassword:: c2VjcmV0Mg==
objectClass: account
objectClass: simpleSecurityObject
structuralObjectClass: account
entryUUID: db1dbbe2-375c-1034-931d-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.663007Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: cn=PentahoAdmin,dc=two,dc=example,dc=com
cn: PentahoAdmin
description: PentahoAdmin Group
objectClass: groupOfUniqueNames
structuralObjectClass: groupOfUniqueNames
entryUUID: a2b8ea68-45aa-1034-9bad-9b580235c5b1
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150210195624Z
uniqueMember: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
entryCSN: 20150212205241.018162Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150212205241Z

dn: cn=PentahoPowerUser,dc=two,dc=example,dc=com
cn: PentahoPowerUser
description: PentahoPowerUser Group
objectClass: groupOfUniqueNames
structuralObjectClass: groupOfUniqueNames
entryUUID: a2bd52f6-45aa-1034-9bae-9b580235c5b1
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150210195624Z
uniqueMember: uid=matt2,ou=Users,dc=two,dc=example,dc=com
entryCSN: 20150212205232.847745Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150212205232Z

dn: cn=PentahoUser,dc=two,dc=example,dc=com
cn: PentahoUser
uniqueMember: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
uniqueMember: uid=matt2,ou=Users,dc=two,dc=example,dc=com
uniqueMember: uid=test1,ou=People,dc=two,dc=example,dc=com
description: PentahoUser Group
objectClass: groupOfUniqueNames
structuralObjectClass: groupOfUniqueNames
entryUUID: a2be5214-45aa-1034-9baf-9b580235c5b1
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150210195624Z
entryCSN: 20150220200228.971207Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150220200228Z

dn: ou=Group,dc=two,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
structuralObjectClass: organizationalUnit
entryUUID: 5f75e188-480d-1034-84d8-d19f432d9181
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150213204813Z
entryCSN: 20150213204813.728965Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150213204813Z

dn: ou=People,dc=two,dc=example,dc=com
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 5f79f37c-480d-1034-84d9-d19f432d9181
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150213204813Z
entryCSN: 20150213204813.755642Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150213204813Z

dn: uid=test1,ou=People,dc=two,dc=example,dc=com
objectClass: account
uid: test1
structuralObjectClass: account
entryUUID: 5f7af9e8-480d-1034-84da-d19f432d9181
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150213204813Z
entryCSN: 20150213204813.762359Z#000000#000#000000
modifyTimestamp: 20150213204813Z
memberOf: cn=testgroup,ou=Group,dc=two,dc=example,dc=com
memberOf: cn=PentahoUser,dc=two,dc=example,dc=com
modifiersName: cn=Manager,dc=two,dc=example,dc=com

dn: cn=testgroup,ou=Group,dc=two,dc=example,dc=com
objectClass: groupOfNames
cn: testgroup
structuralObjectClass: groupOfNames
entryUUID: 5f7c3fce-480d-1034-84db-d19f432d9181
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150213204813Z
member: uid=test1,ou=People,dc=two,dc=example,dc=com
entryCSN: 20150213213917.067904Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150213213917Z

My slapd.conf snippet looks like this:

##########################
# Database Configuration #
##########################
database hdb
suffix "dc=two,dc=example,dc=com"
rootdn "cn=Manager,dc=two,dc=example,dc=com"
rootpw secret2
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass,cn eq

overlay memberof

memberof-group-oc groupOfUniqueNames
memberof-member-ad uniqueMember
memberof-refint true

When I perform an ldapsearch for uid=test1 and request the memberOf attribute it returns two groups. But when I perform the same search for uid=barbara2 it doesn't return anything.

What am I doing wrong? Why does it appear that the memberof attributes in my slapd.conf are being ignored?

1 Answer

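The attribute is only maintained for new entries or updates that are performed after installation. It doesn't do anything for existing entries. If you want them to work, you have to dump and reload the DIT.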

answered 2015-02-20T22:17:34.537