I am using SLES 11 with LDAP for our Samba PDC. We have mainly been
using YaST for the LDAP configuration.
But now we want to add the attribute memberOf because we need this to
have our Cisco ASA5505 get users and groups from our LDAP.
I have found a lot of documentation on how to do this with the old
slapd.conf.
The problem is that our LDAP doesn’t use slapd.conf; instead it stores
the config in the LDAP itself (cn=config).
I can’t seem to figure out how this works. I can’t even get an
LDAP browser to see the config in our LDAP itself.
So how can this be done?
Getting the LDAP browser to see the config tree should be fairly easy:
With a typical configuration (e.g. if you see a directory
“/etc/openldap/slapd.d/cn=config”), use basedn “cn=config” and the
credentials set in the (olcDatabase=config) database (see attributes
“olcRootDN” and “olcRootPW” in
“/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif” or
similar).
Regards,
Jens
–
from the times when today’s “old school” was “new school” :eek:
‘OpenLDAP Software 2.4 Administrator’s Guide: Configuring slapd’
(http://www.openldap.org/doc/admin24/slapdconf2.html)
Once in place you need to restart slapd (/etc/init.d/ldap restart) and
then you must remove all members from your groupOfNames and re-add them
to create the association.
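
The memberOf overlay expressed as cn=config entries, as an added example that is not part of the original posts. The module path, the database DN (olcDatabase={1}hdb) and the groupOfNames/member mapping are assumptions; compare them with the files under /etc/openldap/slapd.d/cn=config before loading anything.

```ldif
# Added example, not from the thread. Values marked ASSUMPTION must be
# checked against your own cn=config tree.

# 1) Load the memberof module. Skip this entry if slapd was built with
#    the overlay compiled in, or if an existing olcModuleList entry
#    already loads it.
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
# ASSUMPTION: module directory; may be /usr/lib64/openldap/modules
olcModulePath: /usr/lib/openldap/modules
olcModuleLoad: memberof.la

# 2) Attach the overlay to the database that holds users and groups.
# ASSUMPTION: the data database is {1}hdb; look for the
# olcDatabase={N}... entry whose olcSuffix matches your base DN.
dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
# Group object class and membership attribute the overlay watches.
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
# Attribute written on the member's own entry.
olcMemberOfMemberOfAD: memberOf
# Keep memberOf values consistent when entries are renamed or deleted.
olcMemberOfRefInt: TRUE
# Do not reject group writes that name a member DN with no entry.
olcMemberOfDangling: ignore
```

Load the file with ldapadd while bound as the olcRootDN of the config database mentioned above. The overlay only maintains memberOf on writes made after it is active, which is why existing group members have to be removed and re-added.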