First install the OpenLDAP server package:
sudo apt-get install slapd
Then load the memberOf module and add its overlay to the cn=config database.
vi member.ldif
Add the following to the file (the two entries must be separated by a blank line):
# Load the memberof module into slapd
dn: cn=module,cn=config
cn: module
objectclass: olcModuleList
objectclass: top
olcmoduleload: memberof.la
olcmodulepath: /usr/lib/ldap

# Attach the overlay to the data database; {1}hdb must match the backend
# entry on your system (newer releases use {1}mdb, see the comments below)
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
Save the file and add it to the OpenLDAP config with the following command:
ldapadd -Y EXTERNAL -H ldapi:/// -f member.ldif
Next add referential integrity (refint) to the config, so that memberOf values are cleaned up when a group or member is removed or renamed.
vi refint.ldif
Add the following to the file (again with a blank line between the two entries):
# Load the refint module into slapd
dn: cn=module,cn=config
cn: module
objectclass: olcModuleList
objectclass: top
olcmoduleload: refint.la
olcmodulepath: /usr/lib/ldap

# Attach the refint overlay to the same data database as the memberof overlay
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
Save the file and load it into cn=config with the following command:
ldapadd -Y EXTERNAL -H ldapi:/// -f refint.ldif
You should now have a fully functional OpenLDAP server that maintains the memberOf attribute.
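To check that both overlays actually do their job, here is a small verification script added to this post (it is not part of the original tutorial). It assumes slapd is running with the configuration above, that ou=people and ou=groups exist under BASE, and that PASSFILE holds the password of cn=admin,BASE; all names are constructed sample values.

```shell
#!/bin/sh
# Verification script added here; it is not part of the original post.
# Assumptions (constructed values, adjust to your directory): slapd runs with the
# memberof and refint overlays configured as above, ou=people and ou=groups exist
# under $BASE, and $PASSFILE holds the password of cn=admin,$BASE.
set -e
BASE="${BASE:-dc=example,dc=com}"
PASSFILE="${PASSFILE:-/etc/ldap/admin.pw}"
USER_DN="uid=memberof-test,ou=people,$BASE"
GROUP_DN="cn=memberof-test,ou=groups,$BASE"

# Run an OpenLDAP client tool with a simple bind as the admin DN over ldapi:///.
ldapcmd() { cmd=$1; shift; "$cmd" -x -H ldapi:/// -D "cn=admin,$BASE" -y "$PASSFILE" "$@"; }

# LDIF for a throwaway user, and for a groupOfNames that lists that user as member.
user_ldif() {
    printf 'dn: %s\nobjectClass: inetOrgPerson\nuid: memberof-test\ncn: memberOf test\nsn: test\n' "$1"
}
group_ldif() {
    printf 'dn: %s\nobjectClass: groupOfNames\ncn: memberof-test\nmember: %s\n' "$1" "$2"
}

# Join LDIF continuation lines (leading space) back onto the line they belong to,
# so that long DNs wrapped by ldapsearch can still be matched as a whole.
unfold_ldif() {
    awk 'NR>1 && !/^ / {print buf; buf=""} /^ / {buf=buf substr($0,2); next} {buf=buf $0} END {print buf}'
}

# memberOf is an operational attribute: it is only returned when requested by name.
fetch_memberof() { ldapcmd ldapsearch -LLL -b "$1" -s base memberOf; }

# Exit 0 when the given ldapsearch output carries the group DN in memberOf.
memberof_contains() {
    printf '%s\n' "$1" | unfold_ldif | grep -i -x -F "memberOf: $2" >/dev/null
}

if [ "${1:-}" = "--live" ]; then
    user_ldif "$USER_DN" | ldapcmd ldapadd
    group_ldif "$GROUP_DN" "$USER_DN" | ldapcmd ldapadd
    out=$(fetch_memberof "$USER_DN")
    memberof_contains "$out" "$GROUP_DN" && echo "memberof overlay: OK" || { echo "memberof overlay: FAIL"; exit 1; }
    # Deleting the group should make refint strip the stale memberOf value from the user.
    ldapcmd ldapdelete "$GROUP_DN"
    out=$(fetch_memberof "$USER_DN")
    if memberof_contains "$out" "$GROUP_DN"; then echo "refint overlay: FAIL"; exit 1; fi
    echo "refint overlay: OK"
    ldapcmd ldapdelete "$USER_DN"
fi
```

Run it as `sh check-memberof.sh --live`. Keep in mind that the overlay only maintains memberOf for group changes made after it was loaded, so groups that existed before need their member values re-added to get memberOf populated.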
Just tested this with Ubuntu server 17.04. Works nearly perfectly. With this version of the Ubuntu server you only have to change in both LDIF files the string “hdb” to “mdb”. Then everything is fine.
Great work, Andre – thank you!
This worked well on my setup and I did not experience the objectclass violation error that others reported. Using Ubuntu 14.04.3 LTS.
Yay thank you thank you thank you! This worked and I looked at many other sites and nothing was as simple and direct. Cheers.
It looks like this new attribute memberOf is not used by any objectClasses. I have tried to add it to some objectClasses without success. It works only when you assign this attribute directly to some account in the ldap database.
Does this apply to Red Hat 6.2? I’m looking to configure it so that the memberOf attribute can be used and have read that the objectClass inetUser needs to be defined and that all this requires FreeIPA installed and set up. Please correct me if I am wrong. Thanks!
Hi Erik,
I’ve never used RedHat 6.2 so I don’t know the answer to your question.
But in general it should work with every linux distro
Greetz,
André
big THANKS
Hello,
When I use the memberof attribute it gives me an objectclass violation…
Do I have to create a new objectclass with this attribute?
Thanks
Great, thanks!