Update Enabling openldap memberof authored by Armin Felder
1. Create `memberof_config.ldif` file 1. Create `memberof_config.ldif` file
```ldif ```ldif
dn: cn=module,cn=config dn: cn=module,cn=config
cn: module cn: module
objectClass: olcModuleList objectClass: olcModuleList
olcModuleLoad: memberof olcModuleLoad: memberof
olcModulePath: /usr/lib/ldap olcModulePath: /usr/lib/ldap
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig objectClass: olcConfig
objectClass: olcMemberOf objectClass: olcMemberOf
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
objectClass: top objectClass: top
olcOverlay: memberof olcOverlay: memberof
olcMemberOfDangling: ignore olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf olcMemberOfMemberOfAD: memberOf
``` ```
2. Create `refint1.ldif` file 2. Create `refint1.ldif` file
```ldif ```ldif
dn: cn=module{1},cn=config dn: cn=module{1},cn=config
add: olcmoduleload add: olcmoduleload
olcmoduleload: refint olcmoduleload: refint
``` ```
3. Create `refint2.ldi` file 3. Create `refint2.ldi` file
```ldif ```ldif
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig objectClass: olcConfig
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
objectClass: olcRefintConfig objectClass: olcRefintConfig
objectClass: top objectClass: top
olcOverlay: {1}refint olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner olcRefintAttribute: memberof member manager owner
``` ```
4. To set up the memberof module and configure it, run this command: 4. To set up the memberof module and configure it, run this command:
``` ```bash
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif
``` ```
5. To load and configure the refint module 5. To load and configure the refint module
``` ```bash
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/refint1.ldif sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/refint1.ldif
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/refint2.ldif sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/refint2.ldif
``` ```
>Every group created before this module is enabled has to be deleted and remade in order for these changes to take effect. LDAP assigns a "member" attribute behind the scenes to existing users when creating a group. >Every group created before this module is enabled has to be deleted and remade in order for these changes to take effect. LDAP assigns a "member" attribute behind the scenes to existing users when creating a group.
\ No newline at end of file
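Review bot: step 3 names the file `refint2.ldi`, but step 5 loads `/tmp/refint2.ldif`; since this change already touches the fences of steps 4 and 5, correct the name to `refint2.ldif` in the same edit. Steps 1 to 3 also never say where the files are created, yet step 4 reads `memberof_config.ldif` from the current directory while step 5 reads both refint files from `/tmp/`, so pick one location and use it in all three commands. The DNs `cn=module{1},cn=config` and `olcDatabase={1}hdb` hard-code indexes and a backend, so a sentence asking the reader to confirm them against their own `cn=config` tree before running steps 4 and 5 would save a failed `ldapmodify`.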