docker-openldap
how do I configure memberOf?
Hi. Thank you for great image. Really helpful.
I need help with my setup. I have a very simple one. Nothing complicated. I've looked into the issue about memberOf and I can't wrap my head around a solution.
I have an LDIF file that I store in a prepopulate folder. The file is very simple: two users, only one belongs to the application group (groupOfUniqueNames). The file is hosted at http://pastebin.com/VwfJkQKi
Here is the docker-compose configuration I am using:
openldap:
  image: dinkel/openldap
  ports:
    - "636:636"
    - "389:389"
  volumes:
    - "./containers/prepopulate/ldap:/etc/ldap.dist/prepopulate:ro"
  environment:
    - SLAPD_DOMAIN=test
    - SLAPD_PASSWORD=admin
    - SLAPD_CONFIG_PASSWORD=config
    - SLAPD_ADDITIONAL_MODULES=memberof
A simple search for uid=two works perfectly.
My objective/requirement: I want to be able to execute a simple query with membership, (&(uid=two)(memberOf=cn=application,ou=apps,dc=test)). It does not work.
Can you please help/advise?
Have you tried to import the directory of users first, before the GroupOfNames directory? In my case I needed to do that to use memberOf correctly.
I am afraid that I don't clearly understand your instructions. I am a bit of a noob when it comes to LDAP.
Maybe your problem is because of how you are importing data into OpenLDAP: you need to create the members first and the groupOfNames afterwards. For security, LDAP does not associate a member that is added after the groupOfNames. For example, if you delete a member from the LDAP and it is a member of a groupOfNames, at the moment you insert a new member with the same DN, it is not associated to the group, because it is not an explicit association. So, you need to add the users first and the groupOfNames afterwards, or configure your LDAP to disable this security option.
This is an example of how to run your OpenLDAP container:
docker run --name openldap -d -p 389:389 \
-e SLAPD_PASSWORD=YourPassword \
-e SLAPD_DOMAIN=domain.com \
-e SLAPD_ORGANIZATION=YourBussinesName \
-e SLAPD_ADDITIONAL_MODULES=memberof \
--volume openldap-conf:/etc/ldap \
--volume openldap-data:/var/lib/ldap \
dinkel/openldap
The important parameter is: -e SLAPD_ADDITIONAL_MODULES=memberof
Are you sure memberof works?
If you do an ldapsearch like:
ldapsearch -x -p 389 -h 127.0.0.1 -b "ou=People,dc=exemple,dc=com" -LLL uid=youruid memberof
do you see the groups?
I have given up on it working. For me the docker container was for local development, so not the end of the world, just very annoying.
It works, but you have to use groupOfNames instead of groupOfUniqueNames.
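A pre-flight check for the prepopulate LDIF, added here as an example (not part of dinkel/openldap or the thread), that catches both problems raised above: a group declared as groupOfUniqueNames (the memberof overlay only handles groupOfNames with the member attribute by default) and a member DN whose entry appears after the group that references it. The sample LDIF is constructed to match the question's two-users-one-group layout; the DNs and attribute values are assumptions.

```python
# Constructed sample LDIF in the shape the question describes: two users, one of
# them in a groupOfNames/member group (the pair the memberof overlay expects).
SAMPLE_LDIF = """\
dn: uid=one,ou=people,dc=test
objectClass: inetOrgPerson
uid: one
cn: One
sn: User

dn: uid=two,ou=people,dc=test
objectClass: inetOrgPerson
uid: two
cn: Two
sn: User

dn: cn=application,ou=apps,dc=test
objectClass: groupOfNames
cn: application
member: uid=two,ou=people,dc=test
"""

def parse_ldif(text: str) -> list[tuple[str, dict[str, list[str]]]]:
    """Return (dn, attrs) pairs in file order; folded lines are joined first."""
    entries, current = [], None
    for line in text.replace("\n ", "").splitlines():
        if not line.strip():
            current = None  # a blank line ends the entry
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            current = (value.lower(), {})
            entries.append(current)
        elif current is not None:
            current[1].setdefault(key, []).append(value)
    return entries

def check_memberof_ready(text: str) -> list[str]:
    """Explain why the memberof overlay would leave memberOf empty for this file."""
    problems, seen = [], set()
    for dn, attrs in parse_ldif(text):
        ocs = {oc.lower() for oc in attrs.get("objectclass", [])}
        if "groupofuniquenames" in ocs:
            problems.append(f"{dn}: groupOfUniqueNames; use groupOfNames with member")
        for member in attrs.get("member", []) if "groupofnames" in ocs else []:
            if member.lower() not in seen:  # the DN must exist before the group is added
                problems.append(f"{dn}: member {member} is added after the group")
        seen.add(dn)
    return problems
```

Run it against the prepopulate file before starting the container; an empty list means the filter (&(uid=two)(memberOf=cn=application,ou=apps,dc=test)) has a chance of matching once the data is loaded.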