how do I configure memberOf? #20

Open
awaragi opened this issue Jan 27, 2017 · 7 comments

awaragi commented Jan 27, 2017

Hi. Thank you for the great image. Really helpful.

I need help with my setup. I have a very simple one. Nothing complicated. I've looked into the issue about memberOf and I can't wrap my head around a solution.

I have an LDIF file that I store in a prepopulate folder. The file is very simple: two users, only one of which belongs to the application group (groupOfUniqueNames). The file is hosted at http://pastebin.com/VwfJkQKi

Here is the docker-compose configuration I am using:

openldap:
  image: dinkel/openldap
  ports:
    - "636:636"
    - "389:389"
  volumes:
    - "./containers/prepopulate/ldap:/etc/ldap.dist/prepopulate:ro"
  environment:
    - SLAPD_DOMAIN=test
    - SLAPD_PASSWORD=admin
    - SLAPD_CONFIG_PASSWORD=config
    - SLAPD_ADDITIONAL_MODULES=memberof

A simple search for uid=two works perfectly.

My objective/requirement: I want to be able to execute a simple query with membership (&(uid=two)(memberOf=cn=application,ou=apps,dc=test)). It does not work.

Can you please help/advise?

joariasl commented Feb 16, 2017

Have you tried importing the directory of users first, before the groupOfNames directory?
In my case I needed to do that to use memberOf correctly.

awaragi commented Feb 16, 2017

I am afraid that I don't clearly understand your instructions. I am a bit of a noob when it comes to LDAP.

@joariasl

Maybe your problem is because you are importing data into OpenLDAP: you need to create the member first and the groupOfNames after. For security, LDAP does not associate a member added after a groupOfNames.
For example, if you delete a member from the LDAP that is a member of a groupOfNames, then at the moment you insert a new member with the same DN, it is not associated with the group, because it is not an explicit association.
So, you need to add the users first and the groupOfNames after, or configure your LDAP to disable this security option.

@joariasl

This is an example of how to run your OpenLDAP container:

docker run --name openldap -d -p 389:389 \
    -e SLAPD_PASSWORD=YourPassword \
    -e SLAPD_DOMAIN=domain.com \
    -e SLAPD_ORGANIZATION=YourBussinesName \
    -e SLAPD_ADDITIONAL_MODULES=memberof \
    --volume openldap-conf:/etc/ldap \
    --volume openldap-data:/var/lib/ldap \
    dinkel/openldap

The important parameter is: -e SLAPD_ADDITIONAL_MODULES=memberof

xgodon commented Apr 28, 2017

Are you sure memberof works?
If you do an ldapsearch like:
ldapsearch -x -p 389 -h 127.0.0.1 -b "ou=People,dc=exemple,dc=com" -LLL uid=youruid memberof
do you see the groups?

awaragi commented Apr 28, 2017

Have given up on it working. For me the docker container was for local development, so not the end of the world, just very annoying.

hlavki commented Jun 9, 2017

It works, but you have to use groupOfNames instead of groupOfUniqueNames
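
The two suggestions made in this thread (load users before the groups that reference them; use groupOfNames rather than groupOfUniqueNames) can be checked against an LDIF file before it is loaded. The script below is an added example, not part of the original thread or of the dinkel/openldap project: it assumes the memberof overlay's default settings (group class groupOfNames, membership attribute member), and the names parse_ldif, memberof_findings and the sample LDIF are constructed for illustration.

```python
# Defaults of OpenLDAP's memberof overlay; both can be changed in the overlay config.
GROUP_OC, MEMBER_AD = "groupofnames", "member"

# Constructed sample modelled on the setup described in the issue (not the pastebin file).
SAMPLE_LDIF = """\
dn: cn=application,ou=apps,dc=test
objectClass: groupOfUniqueNames
cn: application
uniqueMember: uid=two,ou=users,dc=test

dn: uid=two,ou=users,dc=test
objectClass: account
uid: two
"""

def norm_dn(dn):
    """Case-fold a DN and drop spaces around the RDN separators."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) in file order; base64 ('::') values are not decoded."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    for block in text.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def memberof_findings(text, group_oc=GROUP_OC, member_ad=MEMBER_AD):
    """Return (group_dn, code, detail) for groups that would leave memberOf unset."""
    findings, seen = [], set()
    for dn, attrs in parse_ldif(text):
        seen.add(norm_dn(dn))
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        if group_oc in classes and member_ad in attrs:
            for m in attrs[member_ad]:
                if norm_dn(m) not in seen:  # member entry not loaded yet
                    findings.append((dn, "member-loaded-after-group", m))
        elif "uniquemember" in attrs or "member" in attrs:
            findings.append((dn, "group-not-tracked", ",".join(sorted(classes))))
    return findings

if __name__ == "__main__":
    for finding in memberof_findings(SAMPLE_LDIF):
        print(finding)
```

Calling memberof_findings with group_oc="groupofuniquenames" and member_ad="uniquemember" models an overlay reconfigured through olcMemberOfGroupOC and olcMemberOfMemberAD to track groupOfUniqueNames instead.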
