memberof not working with ldapmodify

Question

I have an openldap instance with the memberof and refint modules configured.

The memberof overlay is configured like this:

dn: cn=module{1},cn=config
cn: module{1}
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /usr/lib64/openldap

dn: olcOverlay={1}memberof,olcDatabase={1}bdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: customGroup
olcMemberOfMemberAD: member
olcmemberOfMemberOfAD: memberof
#olcMemberof-dangling-error:
#olcMemberof-dn:

The refint overlay is configured like this:

dn: olcOverlay={1}refint,olcDatabase={1}bdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member

I created a user john and a group of objectClass customGroup. My groupmembership attribute is set to default, which is member.

When I create the group and with john, everything works fine and my ldapsearch command returns the memberof attribute of the user john.

But when I create an empty group and add john afterwards with the ldapmodify command, the memberof overlay does not fire and the ldapsearch command does not return the memberof attribute.

Is this the intended behaviour? I thought the refint overlay would handle the modifications on the group. How do I configure the modules correctly, so that they will return the memberof attribute?

score 0 · Answer 1 · answered May 17 '17 at 07:05

0

Every overlay has to be loaded. Try to add to the entry

dn: cn=module{1},cn=config
cn: module{1}

The attribute :

olcModuleLoad: refint

answered May 17 '17 at 07:05

Esteban

286
1
7

memberof not working with ldapmodify

1 Answers1