<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
The memberOf overlay will not "catch-up" (it will not go through
your groups and add data to the memberOf attribute).<br>
The overlay will only make changes when group memberships change
going forward.<br>
To handle your existing group memberships you'd need to write a
script (or something) that goes through your groups and removes and
re-adds users. This will trigger the overlay and your memberOf data
will be filled in.<br>
<br>
-Brian<br>
<br>
<div class="moz-cite-prefix">On 05/04/2016 09:27 PM, Chaitanya Kumar
Ch wrote:<br>
</div>
<blockquote
cite="mid:CABBwwD_yS+auo4qVvGXeGgZ4QJ3qvA-RGg4MB9Fj=8WdAgBqoA@mail.gmail.com"
type="cite">
<div dir="ltr"><span>overlay is enough for me.
</span><br>
<span>Followed </span><a moz-do-not-send="true"
href="http://www.schenkels.nl/2013/03/how-to-setup-openldap-with-memberof-overlay-ubuntu-12-04/"
target="_top" rel="nofollow"><span>this </span></a><span>link
to add memberOf attribute but I am not <span class="">getting</span>
memberOf result while searching for attribute using below
query:
</span><br>
<span>ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=ddharma)" -b
dc=test,dc=com memberO
</span><br>
<br>
<b><span>Query Result</span></b><span>:
</span><br>
<span>SASL/EXTERNAL authentication started
</span><br>
<span>SASL <span class="">username</span>:
gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth
</span><br>
<span>SASL SSF: 0
</span><br>
<span>version: 1
</span><br>
<br>
<span>dn: cn=dharma,ou=people,dc=test,dc=com
</span><br>
<br>
<b><span>Please find the below attachments:</span></b><br>
<span>1. ldap-structure.PNG : My ldap architecture. <span
class="">user</span> "dharma" is member <span class="">of</span>
twitter, historical, powertarck <span class="">groups</span>.
</span><br>
<span>2. backend.memberof.ldif
</span><br>
<span>3. backend.refint.ldif
</span><br>
<br>
<a moz-do-not-send="true"
href="http://shibboleth.1660669.n2.nabble.com/file/n7625251/ldap-structure.PNG"
target="_top" rel="nofollow"><span>ldap-structure.PNG</span></a><br>
<a moz-do-not-send="true"
href="http://shibboleth.1660669.n2.nabble.com/file/n7625251/backend.ldif"
target="_top" rel="nofollow"><span>backend.ldif</span></a><br>
<a moz-do-not-send="true"
href="http://shibboleth.1660669.n2.nabble.com/file/n7625251/backend.ldif"
target="_top" rel="nofollow"><span>backend.ldif</span></a><br>
<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, May 3, 2016 at 9:05 PM,
Chaitanya Kumar Ch <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:chaitu381923@gmail.com" target="_blank">chaitu381923@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>Hi, <br>
<br>
I tried to get list of groups of a user by following <a
moz-do-not-send="true"
href="https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverScriptAttributeDefinitionExamples"
target="_blank">https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverScriptAttributeDefinitionExamples</a><br>
<br>
but I am getting error in idp-process.log as
distinguishedName always returning nothing.<br>
<br>
attribute-resolver.xml:<br clear="all">
&lt;!-- get the user's DN from the main LDAP connector
(myLDAP) for searching <br>
the groups the user is in --&gt;<br>
&lt;resolver:AttributeDefinition id="distinguishedName"<br>
xsi:type="ad:Simple"
sourceAttributeID="distinguishedName"&gt;<br>
&lt;resolver:Dependency ref="myLDAP" /&gt;<br>
&lt;!-- no encoder needed --&gt;<br>
&lt;/resolver:AttributeDefinition&gt;<br>
<br>
&lt;!-- search for all groups the user is recursively in
- and flatten the distinguishedName(s) <br>
of all the groups into a single multivalued
attribute --&gt;<br>
&lt;resolver:DataConnector id="groupLDAP"
xsi:type="dc:LDAPDirectory"<br>
ldapURL=<a class="moz-txt-link-rfc2396E" href="ldap://192.XXXXXXXX:389">"ldap://192.XXXXXXXX:389"</a> baseDN="OU=Groups
and Resources,DC=test,DC=com"<br>
principal="CN=admin,DC=test,DC=com"
principalCredential="XXXXXXX"&gt;<br>
&lt;resolver:Dependency ref="distinguishedName"
/&gt;<br>
&lt;dc:FilterTemplate&gt;<br>
&lt;![CDATA[<br>
(member:1.2.840.113556.1.4.1941:=${distinguishedName.get(0)})<br>
]]&gt;<br>
&lt;/dc:FilterTemplate&gt;<br>
&lt;dc:ReturnAttributes&gt;distinguishedName&lt;/dc:ReturnAttributes&gt;<br>
&lt;dc:LDAPProperty name="java.naming.referral"
value="follow" /&gt;<br>
&lt;/resolver:DataConnector&gt;<br>
<br>
&lt;!-- define the memberOf attribute based on the
distinguishedName attribute <br>
returned by the groupLDAP connector - names of all
groups the user is in --&gt;<br>
&lt;resolver:AttributeDefinition id="memberOf"<br>
xsi:type="ad:Simple"
sourceAttributeID="distinguishedName"&gt;<br>
&lt;resolver:Dependency ref="groupLDAP" /&gt;<br>
&lt;!-- no encoder needed --&gt;<br>
&lt;/resolver:AttributeDefinition&gt;<br>
<br>
</div>
Please help me.<span class="HOEnZb"><font color="#888888"><br>
<div><br>
-- <br>
<div>
<div dir="ltr">Thank You,<br>
Chaitanya Kumar Ch,<br>
+91 9550837582<br>
</div>
</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature">
<div dir="ltr">Thank You,<br>
Chaitanya Kumar Ch,<br>
+91 9550837582<br>
</div>
</div>
</div>
<br>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Brian Biggs
Sonoma State University
</pre>
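<p>A sketch of the remove-and-re-add script suggested at the top of this reply, added here as an example and not code from the thread or from OpenLDAP. It assumes the groups keep their members in the <code>member</code> attribute (groupOfNames) and puts the delete and the add in one modify request per group, so a group is never left without a member; the <code>ou=groups</code> branch and the long member name in the sample are constructed.</p>

```python
"""Build an ldapmodify script that deletes and re-adds every group member."""
import base64
import sys

def unfold(text):
    """Join LDIF continuation lines (one leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def retrigger_ldif(search_output, attr="member"):
    """Turn `ldapsearch -LL ... member` output into delete+add modify records."""
    out, dn, values = [], None, []
    for line in unfold(search_output) + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if dn and values:                   # groups with no members are skipped
                out += [dn, "changetype: modify", f"delete: {attr}", *values,
                        "-", f"add: {attr}", *values, "-", ""]
            dn, values = None, []
        elif not line.startswith("#"):
            name = line.split(":", 1)[0].lower()
            if name == "dn":
                dn = line
            elif name == attr.lower():
                values.append(line)             # kept verbatim, so "member::" base64 survives
    return "\n".join(out)

# Constructed sample input (group OU and the long member name are made up).
B64_MEMBER = base64.b64encode(b"cn=dharma,ou=people,dc=test,dc=com").decode()
SAMPLE = f"""version: 1

dn: cn=twitter,ou=groups,dc=test,dc=com
member: cn=dharma,ou=people,dc=test,dc=com
member: cn=a-long-constructed-name,ou=people,dc=test,
 dc=com

dn: cn=historical,ou=groups,dc=test,dc=com
member:: {B64_MEMBER}

dn: cn=empty,ou=groups,dc=test,dc=com
"""

if __name__ == "__main__":
    # ldapsearch -LL -Y EXTERNAL -H ldapi:/// -b dc=test,dc=com \
    #   "(objectClass=groupOfNames)" member | python3 this_script.py | ldapmodify -Y EXTERNAL -H ldapi:///
    sys.stdout.write(retrigger_ldif(sys.stdin.read()))
```

<p>Piping the generated LDIF to <code>ldapmodify -n</code> first shows what would be changed without modifying any entries.</p>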
</body>
</html>