#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2004
    Posts
    4
    Rep Power
    0

    need help with isMemberOf attribute


    Hi, does anyone know which schema provides use of the isMemberOf attribute? i have downloaded the eduPerson schema, but it doesn't allow me to enter in "isMemberOf: groupA"... it gives an error saying:
    ldap_add: Undefined attribute type (17)
    additional info: isMemberOf: attribute type undefined

    thankyou for your help

    Philip.
  2. #2
  3. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    Which ldap server you using? AD? openLDAP? I searched google and didn't come up with much except for a few MS related stuff for AD.

    Can you grep your current schema files and see if it exists?

    If ldap is able to start it should be a valid attribute. Are you sure you're typing it correctly?
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2004
    Posts
    4
    Rep Power
    0
    i'm using OpenLDAP. i've used grep on all the schema files, but didn't find any entry with the 'isMemberOf' attribute (used the -i option to ignore case)
    LDAP is working when i omit the isMemberOf lines from the ldif file, but comes up with the error when i add the lines in...
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2004
    Location
    Stuttgart
    Posts
    50
    Rep Power
    11
    You have to add the isMemberOf Attribute to the OpenLDAP Schema. The following files define the OpenLDAP Schema:

    In /etc/openldap/slapd.conf is defined:
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/rfc822-MailMember.schema
    include /etc/openldap/schema/autofs.schema
    include /etc/openldap/schema/kerberosobject.schema
    You must not change them in any way! Write a New Schema File and reference it in the slapd.conf file:

    include /etc/openldap/schema/local.schema
    in that file define your isMemberOf Attribute.

    More information about schema creation can be found here:

    http://www.openldap.org/doc/admin22/schema.html

  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2004
    Posts
    4
    Rep Power
    0
    Thankyou! i have it working now =)
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2005
    Posts
    1
    Rep Power
    0

    Here's a .schema file for an auxiliary object class containing isMemberOf


    The Internet2 Middleware Architecture Committee for Education (MACE) has a Directory Working Group, MACE-Dir.

    MACE-Dir has developed some guidelines (and software!) for higher ed institutions wanting to use groups.

    See
    http://middleware.internet2.edu/dir/groups/#Docs
    for details

    This work includes attribute definitions and an auxiliary object class for use in LDAP directories. A .schema file that can be used to define these in openLDAP-based directories is pasted in below. Be sure to watch for proper line ends, etc. if you cut & paste this:

    ---------
    # eduMember.schema
    # The isMemberOf attribute associated with an entity is a
    # collection of values each of which identifies a group to
    # which that entity belongs.
    attributetype ( 1.3.6.1.4.1.5923.1.5.1.1
    NAME 'isMemberOf'
    DESC 'identifiers for groups to which containing entity belongs'
    EQUALITY caseExactMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

    # The hasMember attribute associated with a group is a collection
    # of values each of which identifies an entity that belongs to the
    # group.
    attributetype ( 1.3.6.1.4.1.5923.1.5.1.2
    NAME 'hasMember'
    DESC 'identifiers for entities that are members of the group'
    EQUALITY caseExactMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

    # The eduMember objectclass is a convenient container for an
    # extensible set of attributes concerning group memberships
    objectclass ( 1.3.6.1.4.1.5923.1.5.2
    NAME 'eduMember'
    AUXILIARY
    MAY ( isMemberOf $ hasMember
    )
    )
    -------

    Regards, --Keith Hazelton

IMN logo majestic logo threadwatch logo seochat tools logo