Mustafa Hashmi's picture

Hey there,

 

great product, took mere minutes to get up and running creating users+groups. Would love for you to include a GUI driven feature to enable memberof functionality which is required by many number of integrations. At this time would like a easy step-by-step method of turning this on in Turnkey's version. There are a log of guide out there but they generally are over complicated and refer to vanilla installs. 

 

Would love some help.

 

Thanks

Forum: 
Jonathan Struebel's picture

The following steps will allow you to enable the memberof overlay functionality on the OpenLDAP appliance. They will all have to be done from the console since the current permissions don't allow them to be done from the GUI. I still haven't figured out the right settings to keep the config secure but still allow all settings to be modified from the GUI.

First type the following command to enable the memberof module:

ldapmodify -Y EXTERNAL -H ldapi:/// <<EOL
dn: cn=module{0},cn=config
add: olcModuleLoad
olcModuleLoad: memberof
EOL

Second type the following command to configure OpenLDAP to use the memberof module:

ldapadd -Y EXTERNAL -H ldapi:/// <<EOL
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
olcOverlay: memberof
EOL

 

Finally type the following command to ensure OpenLDAP reloads the configuration (this step may not be strictly necessary due to the way the configuration is stored but it doesn't hurt anything and ensures your using the latest config):

service slapd restart

 

 

EK's picture

This is not working with latest version, could you please update ?
EK's picture

could you please update this post? It seems it is not working with current version..
Jeremy Davis's picture

Seeing as the version of OpenLDAP in v15.x is the same major & minor version (i.e. 2.4.x) and the current v2.4 upstream documentation only references major/minor version suggest that things shouldn't have changed too much?! For example, the Member Of docs do not note any specific changes between v2.4 builds. I also note that the Debian "slapo-memberof" man page for Debian 8/Jessie (which the above was specifically relevant to) appears to be identical to the Debian 9/Stretch page.

Having said that, I'm certainly not expert on OpenLDAP and haven't double checked myself, so it's possible that there is some fundamental change that I am unaware of and hasn't been well documented. Although I've had a pretty good google and can't find any references to changes in the Member Of config between OpenLDAP v2.4.40 & v2.4.44, or even any recent tutorials on how to set it up.

If you keep in mind that TurnKey is Debian under the hood (v15.x = Debian 9/Stretch) then perhaps it might be worth seeking assistance somewhere such as Server Fault? ('Nix Stack Exchange is another option, although I reckon Server Fault would be better for this one).

I'll try to have a look sometime soon and will certainly post back with what I find. If you have any luck and manage to work out (or even if you discover more info) please post back and share what you learn. If there is anything that we can be doing better it'd be great to know! :)

Add new comment