I've been trying for 2 days now to get the memberof overlay of openldap to work and give some actual results. My database config:
database bdb
suffix "dc=example,dc=net"
checkpoint 1024 15
# rootdn must lie under the database suffix (slapd rejects rootpw otherwise); "exmple" was a typo
rootdn "cn=root,dc=example,dc=net"
rootpw {SSHA}stuffffffff
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
overlay memberof
Then
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
Restart slapd and create a test user and a test group. Then run ldapsearch to see the result:
[root@sso openldap]# ldapsearch -W -H ldapi:/// "(uid=test123)" -b dc=example,dc=net memberOf
Enter LDAP Password:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=net> with scope subtree
# filter: (uid=test123)
# requesting: memberOf
#
# search result
search: 3
result: 0 Success
# numResponses: 1
And it's still not showing the memberOf attribute. According to the openldap documentation it should be exactly that simple: add overlay memberof to the slapd.conf and it should work. Any idea? Thanks.
You don't state whether you added the new user to the new group, but in any case you've loaded the memberof overlay but not configured it. Unless you're relying on the default configuration, whatever that is, you need to configure three or four aspects. See man slapo-memberof for details; I'm not going to repeat them here.
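As an added example, not from the original post or the answer above, here is what the "three or four aspects" of slapo-memberof look like spelled out in slapd.conf, with the defaults written explicitly so nothing depends on guessing them. It reuses the suffix and rootdn from the question; the modulepath and the moduleload line are assumptions for a slapd built with dynamic modules (the RHEL-style path is a placeholder to adjust), and the index lines are optional.

```conf
# Added example (not the poster's config): explicit slapo-memberof configuration.

# Global section. Assumption: slapd was built with dynamic modules, so the
# overlay has to be loaded before it can be referenced. Adjust modulepath to
# wherever memberof.la lives on the system.
modulepath  /usr/lib64/openldap
moduleload  memberof.la

database    bdb
suffix      "dc=example,dc=net"
checkpoint  1024 15
rootdn      "cn=root,dc=example,dc=net"
rootpw      {SSHA}stuffffffff
directory   /var/lib/ldap
index       objectClass eq,pres
index       uid eq,pres,sub
# Optional: membership is usually searched in both directions.
index       member,memberOf eq

# The overlay directive must sit inside the database section, after the
# database line, and its own settings follow it.
overlay     memberof
# Only entries with this objectClass are treated as groups (default shown).
# A posixGroup with memberUid is NOT handled: memberUid holds names, not DNs.
memberof-group-oc     groupOfNames
# Forward attribute on the group entry whose values are member DNs (default shown).
memberof-member-ad    member
# Back-reference attribute written onto each member entry (default shown).
memberof-memberof-ad  memberOf
# What to do when a member DN does not exist: ignore | drop | error.
memberof-dangling     ignore
# Keep memberOf values consistent when a group is deleted or renamed.
memberof-refint       TRUE
```

Two checks worth running after restarting slapd with this in place. First, the overlay only writes memberOf when a group entry is added or its member values are modified while the overlay is active; a group created before the restart gets no back-references until it is re-added or its member attribute is touched, so create the test group (objectClass groupOfNames, member: the full DN of the test user) after the restart. Second, memberOf is an operational attribute and is only returned when requested explicitly (as the question's search does) or with +; to take ACLs out of the picture, bind as the rootdn rather than the ldapi peercred identity, for example ldapsearch -x -H ldapi:/// -D cn=root,dc=example,dc=net -W -b dc=example,dc=net "(uid=test123)" memberOf. In the output quoted in the question, numResponses: 1 with no dn: line means no entry matched at all, which a rootdn bind will confirm or rule out before looking any further at the overlay.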