openldap icon indicating copy to clipboard operation
openldap copied to clipboard

Published 20 hours ago verified publisher icon mwaeckerlin

MEMBEROF=1 not working

Open acislik opened this issue 7 years ago • 3 comments
trafficstars

Hi,

I tried to to set "MEMBEROF=1" but it doesn't work:

openldap_1  | 5af71a77 lt_dlopenext failed: (refint) file not found
openldap_1  | slapcat: bad configuration file!
docker_openldap_1 exited with code 1

Looking at the "slapd.conf" it tries to load the Module "refint"

modulepath  /usr/lib/openldap
moduleload refint

but the Module seems not to exist in the image (started without "MEMBEROF=1"):

root@openldap[991d0fcdaa36]:/# ls -la /usr/lib/openldap
total 216
drwxr-xr-x    2 root     root          4096 Apr 17 10:37 .
drwxr-xr-x    1 root     root          4096 Apr 17 10:37 ..
lrwxrwxrwx    1 root     root            22 Apr 17 10:37 back_mdb-2.4.so.2 -> back_mdb-2.4.so.2.10.8
-rwxr-xr-x    1 root     root        211960 Nov  9  2017 back_mdb-2.4.so.2.10.8
lrwxrwxrwx    1 root     root            22 Apr 17 10:37 back_mdb.so -> back_mdb-2.4.so.2.10.8
root@openldap[991d0fcdaa36]:/#

acislik avatar May 12 '18 16:05 acislik

Any news?

MiguelAngelLV avatar Mar 28 '19 10:03 MiguelAngelLV

Sorry, I miscategorized the topic, it is not yet a feature (not yet documented), but something I was experimenting with, so it's not a bug, but a feature request.

I investigated on this, but did not get it to work. Any help would be appreciated.

mwaeckerlin avatar Jul 08 '19 18:07 mwaeckerlin

I was trying the memberof but I got the same error. Below are my instructions to enable memerof on bdb successfully, and my old ldap server works as expected. I tried to modify the schema in docker container with mdb but it didn't work. I hope this will help you.

#Create LDAP config files as below (also attached) $ cat memberof_config_1.ldif dn: cn=module,cn=config cn: module objectClass: olcModuleList olcModuleLoad: memberof olcModulePath: /usr/lib64/openldap

$ cat memberof_config_2.ldif dn: olcOverlay={0}memberof,olcDatabase={1}bdb,cn=config objectClass: olcConfig objectClass: olcMemberOf objectClass: olcOverlayConfig objectClass: top olcOverlay: memberof olcMemberOfDangling: ignore olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfNames olcMemberOfMemberAD: member olcMemberOfMemberOfAD: memberOf

$ cat refint1_modified.ldif dn: cn=module,cn=config cn: module objectclass: olcModuleList objectclass: top olcmoduleload: refint.la olcmodulepath: /usr/lib/openldap

$ cat refint2.ldif dn: olcOverlay={1}refint,olcDatabase={1}bdb,cn=config objectClass: olcConfig objectClass: olcOverlayConfig objectClass: olcRefintConfig objectClass: top olcOverlay: {1}refint olcRefintAttribute: memberof member manager owner

Load the config files using following command a restart the LDAP.

ldapadd -x -D "cn=admin,dc=x,dc=x" -w "1234567890" -h localhost -p 389 -D CN=config -W -f memberof_config_1.ldif ldapadd -x -D "cn=admin,dc=x,dc=x" -w "1234567890" -h localhost -p 389 -D CN=config -W -f memberof_config_2.ldif ldapadd -D "cn=admin,dc=x,dc=x" -w "1234567890" -h localhost -p 389 -D CN=config -W -f refint1_modified.ldif ldapadd -D "cn=admin,dc=x,dc=x" -w "1234567890" -h localhost -p 389 -D CN=config -W -f refint2.ldif

  1. Restart the LDAP using service slapd stop service slapd start

singhindresh avatar Aug 21 '19 01:08 singhindresh