Add memberOf attribute in ApacheDS

I am trying to mimic the memberOf Active Directory attribute in Apache Directory. I added the following entry for memberOf to the LDIF file:

    dn: m-oid=1.3.6.1.4.1.18060.0.4.3.2.1,ou=attributeTypes,cn=other,ou=schema
    m-usage: USER_APPLICATIONS
    m-equality: distinguishedNameMatch
    objectClass: metaAttributeType
    objectClass: metaTop
    objectClass: top
    m-name: memberOf
    m-oid: 1.3.6.1.4.1.18060.0.4.3.2.1
    m-obsolete: FALSE
    m-noUserModification: FALSE
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.27

When I start ApacheDS, the following warning is logged:

  WARN [ContainerBackgroundProcessor[StandardEngine[Catalina]]] entry.ServerStringValue - Cannot normalize the value :Encountered name based id of memberOf which was not found in the OID registry 

This causes problems later because my application is trying to use the memberOf attribute as a search filter.

Is there something wrong with the way I specified the LDIF record?

+6
4 answers

For my integration test cases on the embedded Apache Directory Server, I added the memberOf and sAMAccountName attributes defined on the Microsoft Active Directory server.

    #########################################################
    # MICROSOFT SCHEMA for sAMAccountName and memberOf
    # these two attributes are not defined in Apache Directory Server
    #########################################################
    dn: cn=microsoft, ou=schema
    objectclass: metaSchema
    objectclass: top
    cn: microsoft

    dn: ou=attributetypes, cn=microsoft, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: attributetypes

    dn: m-oid=1.2.840.113556.1.4.221, ou=attributetypes, cn=microsoft, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.2.840.113556.1.4.221
    m-name: sAMAccountName
    m-equality: caseIgnoreMatch
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
    m-singleValue: TRUE

    dn: m-oid=1.2.840.113556.1.4.222, ou=attributetypes, cn=microsoft, ou=schema
    objectclass: metaAttributeType
    objectclass: metaTop
    objectclass: top
    m-oid: 1.2.840.113556.1.4.222
    m-name: memberOf
    m-equality: caseIgnoreMatch
    m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
    m-singleValue: FALSE

    dn: ou=objectclasses, cn=microsoft, ou=schema
    objectclass: organizationalUnit
    objectclass: top
    ou: objectClasses

    dn: m-oid=1.2.840.113556.1.5.6, ou=objectclasses, cn=microsoft, ou=schema
    objectclass: metaObjectClass
    objectclass: metaTop
    objectclass: top
    m-oid: 1.2.840.113556.1.5.6
    m-name: simulatedMicrosoftSecurityPrincipal
    m-supObjectClass: top
    m-typeObjectClass: AUXILIARY
    m-must: sAMAccountName
    m-may: memberOf

    #######################################################
    # Megacorp employees
    #######################################################
    dn: cn=EmployeeABC,ou=nl_users,DC=corp,DC=megacorp,DC=COM
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectclass: simulatedMicrosoftSecurityPrincipal
    cn: EmployeeABC
    sn: EmployeeABC
    givenName: EmployeeABC
    mail: EmployeeABC@megacorp.com
    MEMBEROF: CN=just-users,OU=mc_groups,DC=corp,DC=megacorp,DC=com
    MEMBEROF: CN=best-users,OU=mc_groups,DC=corp,DC=megacorp,DC=com
    SAMACCOUNTNAME: employeeabc

+8
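A pre-load check for schema LDIF like the files in the question and the answer above, as an added example (not code from the original posts or from ApacheDS): it flags attributes that entries use without a `metaAttributeType` definition, and equality rules paired with a syntax they do not operate on. The function names and the `BUILTIN` set are assumptions, and the sample input is constructed from the question's definition.

```python
import re

# RFC 4517: the attribute syntax each equality matching rule operates on.
RULE_SYNTAX = {
    "distinguishednamematch": "1.3.6.1.4.1.1466.115.121.1.12",  # DN
    "caseignorematch": "1.3.6.1.4.1.1466.115.121.1.15",         # Directory String
}
# Assumption: names the server's stock schemas already define.
BUILTIN = {"dn", "objectclass", "cn", "sn", "ou", "mail", "givenname"}

def parse_ldif(text):
    """Split LDIF into entries of (lowercased attribute, value); no line folding."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        pairs = [(a.strip().lower(), v.strip()) for a, _, v in (l.partition(":") for l in lines)]
        if pairs:
            entries.append(pairs)
    return entries

def lint(text):
    """Flag rule/syntax mismatches and attributes used without a definition."""
    findings, defined, data = [], set(), []
    for entry in parse_ldif(text):
        e = dict(entry)
        classes = {v.lower() for a, v in entry if a == "objectclass"}
        if "metaattributetype" in classes:
            name = e.get("m-name", "?")
            defined.add(name.lower())
            want = RULE_SYNTAX.get(e.get("m-equality", "").lower())
            if want and e.get("m-syntax") != want:
                findings.append(f"{name}: {e['m-equality']} expects syntax {want}")
        elif not e.get("dn", "").lower().endswith("ou=schema"):
            data.append(e)  # a directory entry, not a schema entry
    for e in data:  # second pass: definitions may come after their first use
        for attr in sorted(set(e) - defined - BUILTIN):
            findings.append(f"{e.get('dn')}: {attr} is not defined")
    return findings

# Constructed input: the question's memberOf definition and one test user.
SAMPLE = """\
dn: m-oid=1.3.6.1.4.1.18060.0.4.3.2.1,ou=attributeTypes,cn=other,ou=schema
objectClass: metaAttributeType
m-name: memberOf
m-equality: distinguishedNameMatch
m-syntax: 1.3.6.1.4.1.1466.115.121.1.27

dn: cn=EmployeeABC,ou=nl_users,DC=corp,DC=megacorp,DC=COM
memberOf: CN=just-users,OU=mc_groups,DC=corp,DC=megacorp,DC=com
sAMAccountName: employeeabc
"""
```

Running `lint()` over a test fixture before the embedded server starts surfaces schema gaps that would otherwise appear only as normalization warnings or as search filters that silently match nothing.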

The ApacheDS team is aware of the desire for the memberOf virtual attribute. They mention that it will be part of the 2.1.0 release:

On 5/20/13 5:53 PM, Danielsen, Jay wrote:

I see from archives in January 2013 that the memberOf virtual attribute is not yet supported. Are there any plans or work in progress to support memberOf in the upcoming release?

Most definitely in 2.1.0.

We are currently working on cleaning up the 150 remaining issues to 2.0.0-RC1, so I think this is what we may have over the next 6 months.

You can create a JIRA to request such a function.

Thanks!

- Regards, Cordialement, Emmanuel the Healer www.iktek.com

And here is a JIRA request.

+3

You may need to add a schema containing 'memberOf' to the ApacheDS configuration.

+1

Not an answer to your question and really not a good practice, but you can use another existing attribute to emulate this.

We use ApacheDS only for testing, so this may be good. We used the title attribute, but there may be another that you can use without risk.

-2

Source: https://habr.com/ru/post/918853/

