groups and memberof attribute

Nikolai Maziashvili mlist_kolab at cyclinggeorgian.com
Tue Dec 30 09:38:32 CET 2014 

Hi,

Few documentation pages later... never have been part of discussion 
Mihai mentions, but (i think) i understand not implementing memberof 
plugin out of the box.
But this was never my intention to ask for it, i was trying to 
understand why it was missing...
OK, memberof plugin is not there and i understand why...but it doesn't 
change the fact that i can't construct search filter which would make 
OwnCloud filter users on the bases of group membership.
Could anyone, please, help me out with this?

Regards,
Nikolai

PS After reading some articles i experimented with "seeAlso" attribute, 
adding it to user and a group, the user was member of. Search filter 
based on this attribute worked, but i wrongly assumed that "seeAlso" 
attribute was (hard) linked to users membership to certain group. When i 
removed user from the group "seeAlso" attribute wasn't removed and it 
was still functioning.
This made using "seeAlso" attribute unacceptable for me. It was 
introducing another maintenance layer i was trying to avoid in the first 
place...



On 29-12-2014 22:19, Mihai Badici wrote:
> On Monday 29 December 2014 21:29:08 Nikolai Maziashvili wrote:
>> Hi,
>> 
>> Usually when i make query on user i get "memberof" ... list of groups
>> user is member of... but it seem to me that although i add users to
>> several groups i can't get information on their "memberof". Only when 
>> i
>> query info on group i get "uniquemember" list. I think this luck of
>> "memberof" attribute what makes it impossible for me to filter users 
>> on
>> group bases.
>> I could be way off here :), so please don't be shy to educate me.
>> 
>> Kind regards,
>> Nikolai
> 
> 
> I think this discussion about the opportunity of "memberof" has been 
> long time
> ago and the answer was: no :)
> As I know, Active Directory is the only directory who use the 
> "memberof"
> object.
> In some cases you probably need two queries. In other cases you can 
> query for
> uniquemember like: ldapsearch -b dc=mydomain,dc=eu -D "cn=Directory 
> Manager"
>  -x -W uniqueMember="cn=Directory Manager" cn
> 
> This will return the groups where Directory Manager is member. You will 
> need
> the full cn .
> 
> Postfix has a special configuration key for this case:
> 
> I use somethink like :
> 
> search_attribute = member
> query_filter = (&(objectclass=groupofnames)(cn=%s))
> result_attribute = uid
> special_result_attribute = member
> 
> ( groupofnames is from inetorgperson schema if i remember well)
> 
> 
> 
> 
>> 
>> PS i have tried creating normal posix groups and "simple" groups, none
>> of them gets filtered on. For example owncloud, can detect and
>> authenticate all users, can list all (only posix) groups, but it won't
>> filter on them. Same goes for other applications and plain ldapsearch
>> too.
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users

More information about the users mailing list