I want to have the memberOf attribute in ApacheDS so that I can restrict access to certain applications using LDAP filters such as (memberOf=CN=mygroup,DC=example,DC=com). Importing an LDAP schema from this answer works, but there are two problems that I would like to solve:
The schema from the SO response imports both memberOf and sAMAccountName, the latter being mandatory. I do not use sAMAccountName, so forcing the installation is useless extra work for me.
The memberOf field seems wrong: using Apache Directory Studio, this is a simple text field. This means that I have to go to groupOfNames, copy the DN and paste it. With the right type, Directory Studio offers me a selection list and the ability to select a DN from the tree (DN editor window), which is much more convenient. For example, this is the case for the member attribute of groupOfNames, because the field expects the DN of the member users.
To achieve this, I removed the sAMAccountName information from the code. I also changed m-must: sAMAccountName to m-may: sAMAccountName so that the field is at least optional. And I added the m-supattributetype: distinguishedName property to memberOf, so Directory Studio offers me a DN editor.
Neither works: I do not see any changes compared with the original LDIF, and it is not clear to me why. I used the Docker container and always did a full reset to make sure I have a clean base for testing purposes.
My LDIF file:
dn: cn=microsoft, ou=schema
objectclass: metaSchema
objectclass: top
cn: microsoft

dn: ou=attributetypes, cn=microsoft, ou=schema
objectclass: organizationalUnit
objectclass: top
ou: attributetypes

dn: m-oid=1.2.840.113556.1.4.222, ou=attributetypes, cn=microsoft, ou=schema
objectclass: metaAttributeType
objectclass: metaTop
objectclass: top
m-oid: 1.2.840.113556.1.4.222
m-name: memberOf
m-equality: caseIgnoreMatch
m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
m-singleValue: FALSE
m-supattributetype: distinguishedName

dn: ou=objectclasses, cn=microsoft, ou=schema
objectclass: organizationalUnit
objectclass: top
ou: objectClasses

dn: m-oid=1.2.840.113556.1.5.6, ou=objectclasses, cn=microsoft, ou=schema
objectclass: metaObjectClass
objectclass: metaTop
objectclass: top
m-oid: 1.2.840.113556.1.5.6
m-name: simulatedMicrosoftSecurityPrincipal
m-supObjectClass: top
m-typeObjectClass: AUXILIARY
m-may: memberOf

I would expect from this LDIF file that memberOf is created as a DN for Apache Studio and that I do not get the sAMAccountName field.
Lion
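
In the setup the question describes, memberOf is an ordinary attribute filled in by hand (copying the group DN), so an access filter on it can match entries that the group's member list does not confirm. The Python check below, run over an LDIF export, is an added example and not code from the post; the abbreviated sample entries and the function names are constructed, and DN comparison is simplified (case-insensitive, no escaped commas).

```python
import re

# Constructed sample export; bob's memberOf is not backed by the group's member list.
SAMPLE_LDIF = """\
dn: cn=mygroup,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=users,dc=example,dc=com

dn: uid=alice,ou=users,dc=example,dc=com
objectClass: simulatedMicrosoftSecurityPrincipal
memberOf: CN=mygroup,DC=example,DC=com

dn: uid=bob,ou=users,dc=example,dc=com
objectClass: simulatedMicrosoftSecurityPrincipal
memberOf: cn=mygroup, dc=example, dc=com
"""

def norm_dn(dn):
    # Assumption: case-insensitive comparison and no escaped commas in RDN values.
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1)) for rdn in dn.split(","))

def parse_ldif(text):
    """Return {normalized DN: {attribute (lowercase): [values]}}; base64 values are not decoded."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, value = line.split(":", 1)
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def unbacked_memberof(entries):
    """Return (entry DN, group DN) pairs whose memberOf is not confirmed by the group's member."""
    findings = []
    for dn, attrs in entries.items():
        for group in map(norm_dn, attrs.get("memberof", [])):
            members = {norm_dn(m) for m in entries.get(group, {}).get("member", [])}
            if dn not in members:
                findings.append((dn, group))
    return findings

if __name__ == "__main__":
    for dn, group in unbacked_memberof(parse_ldif(SAMPLE_LDIF)):
        print(f"unbacked memberOf: {dn} -> {group}")
```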