October 11th, 2004, 09:40 PM
-
need help with isMemberOf attribute
Hi, does anyone know which schema provides use of the isMemberOf attribute? I have downloaded the eduPerson schema, but it doesn't allow me to enter in "isMemberOf: groupA"... it gives an error saying:
ldap_add: Undefined attribute type (17)
additional info: isMemberOf: attribute type undefined
Thank you for your help.
Philip.
October 11th, 2004, 10:06 PM
-
Which LDAP server are you using? AD? OpenLDAP? I searched Google and didn't come up with much except for some MS-related stuff for AD.
Can you grep your current schema files and see if it exists?
If LDAP is able to start it should be a valid attribute. Are you sure you're typing it correctly?
October 11th, 2004, 10:55 PM
-
I'm using OpenLDAP. I've used grep on all the schema files, but didn't find any entry with the 'isMemberOf' attribute (used the -i option to ignore case).
LDAP is working when I omit the isMemberOf lines from the LDIF file, but comes up with the error when I add the lines in...
October 12th, 2004, 03:20 AM
-
You have to add the isMemberOf attribute to the OpenLDAP schema. The following files define the OpenLDAP schema.
In /etc/openldap/slapd.conf the following is defined:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/rfc822-MailMember.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/kerberosobject.schema
You must not change them in any way! Write a new schema file and reference it in the slapd.conf file:
include /etc/openldap/schema/local.schema
In that file, define your isMemberOf attribute.
More information about schema creation can be found here:
http://www.openldap.org/doc/admin22/schema.html
October 13th, 2004, 12:05 AM
-
Thank you! I have it working now =)
January 8th, 2005, 11:26 AM
-
Here's a .schema file for an auxiliary object class containing isMemberOf
The Internet2 Middleware Architecture Committee for Education (MACE) has a Directory Working Group, MACE-Dir.
MACE-Dir has developed some guidelines (and software!) for higher ed institutions wanting to use groups.
See
http://middleware.internet2.edu/dir/groups/#Docs
for details
This work includes attribute definitions and an auxiliary object class for use in LDAP directories. A .schema file that can be used to define these in OpenLDAP-based directories is pasted in below. Be sure to watch for proper line ends, etc. if you cut & paste this:
---------
# eduMember.schema

# The isMemberOf attribute associated with an entity is a
# collection of values each of which identifies a group to
# which that entity belongs.
attributetype ( 1.3.6.1.4.1.5923.1.5.1.1
    NAME 'isMemberOf'
    DESC 'identifiers for groups to which containing entity belongs'
    EQUALITY caseExactMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

# The hasMember attribute associated with a group is a collection
# of values each of which identifies an entity that belongs to the
# group.
attributetype ( 1.3.6.1.4.1.5923.1.5.1.2
    NAME 'hasMember'
    DESC 'identifiers for entities that are members of the group'
    EQUALITY caseExactMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

# The eduMember objectclass is a convenient container for an
# extensible set of attributes concerning group memberships
objectclass ( 1.3.6.1.4.1.5923.1.5.2
    NAME 'eduMember'
    AUXILIARY
    MAY ( isMemberOf $ hasMember ) )
-------
Regards, --Keith Hazelton
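
Added example (not part of the thread or of the MACE-Dir distribution): a pre-flight check that reads slapd.conf-style schema text and predicts whether an attribute in an LDIF entry will be rejected, either because no loaded schema defines it (the error 17 in the first post) or because the entry lacks an object class such as eduMember that permits it. The function names, the simplified regex parsing and the sample DN are assumptions made for illustration.

```python
import re

# Constructed sample: the eduMember definitions from the post above (DESC omitted),
# with continuation lines indented, which slapd.conf-style schema files require.
SCHEMA = """\
attributetype ( 1.3.6.1.4.1.5923.1.5.1.1 NAME 'isMemberOf'
    EQUALITY caseExactMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetype ( 1.3.6.1.4.1.5923.1.5.1.2 NAME 'hasMember'
    EQUALITY caseExactMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
objectclass ( 1.3.6.1.4.1.5923.1.5.2 NAME 'eduMember'
    AUXILIARY MAY ( isMemberOf $ hasMember ) )
"""
# Constructed sample entry (hypothetical DN and values).
ENTRY = """\
dn: uid=philip,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: eduMember
isMemberOf: groupA
"""

def parse_schema(text):
    """Return (attribute names, {objectclass name: allowed attrs}), lowercased."""
    lines = [l for l in text.splitlines() if not l.startswith("#")]
    # A line starting with whitespace continues the previous directive.
    joined = re.sub(r"\n[ \t]+", " ", "\n".join(lines))
    attrs, classes = set(), {}
    for line in joined.splitlines():
        kind = line.split("(", 1)[0].strip().lower()
        name = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        if not name or kind not in ("attributetype", "objectclass"):
            continue
        names = [n.lower() for n in re.findall(r"[\w;-]+", name.group(1) or name.group(2))]
        if kind == "attributetype":
            attrs.update(names)
            continue
        may = re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))", line)
        allowed = {a.lower() for m in may for a in re.findall(r"[\w-]+", m.group(1) or m.group(2))}
        classes.update({n: allowed for n in names})
    return attrs, classes

def check_attribute(name, ldif_entry, attrs, classes):
    """Predict how the server treats `name` in one LDIF entry under this schema."""
    if name.lower() not in attrs:
        return "undefined attribute type"  # the error 17 seen in the first post
    fields = (l.partition(":") for l in ldif_entry.splitlines())
    entry_classes = {v.strip().lower() for k, _, v in fields if k.strip().lower() == "objectclass"}
    if not any(name.lower() in classes.get(c, ()) for c in entry_classes):
        return "not allowed by the entry's object classes"
    return "ok"
```

In practice, pass the concatenated text of every schema file that slapd.conf includes, so that attributes from core.schema and the others are recognised as well.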