Problem with LDAP group with different DNs for group and user

Xavier_MOGHRABI · May 4, 2006, 4:35pm

Hi folks,

I’'m trying to plug Wildfire 2.6.2 with my OpenLDAP server (version 2.0.23).

My LDAP schema is the following :

dc=example,dc=org,ou=People : contains user

dc=example,dc=org,ou=Group : contains unix group

dc=example,dc=org,ou=cvsGroup : contains cvs group

I’'d like to add the entries in cvsGroup in wildfire as groups and the entries in People as users without taking into account the entries in Group.

To do that I’'ve configured wildfire like this :

however I am not able to filter on the right domain name.

To do it with ldapsearch I have to change the baseDN like that :

ldapsearch -x -v -b ‘‘ou=cvsGroup,dc=gforge,dc=objectweb,dc=org’’ ‘’(objectClass=posixGroup)’’

How can I do that since there is a common baseDN for users and groups ?

Thanks a lot for your help

Xavier

Message was edited by: moghrabi

Cameron_Moore · May 5, 2006, 10:01pm

Two options:

Try using baseDN[/b] and alternateBaseDN[/b] to bind only to the two OUs you want. See the LDAP Guide for more info.[1]
Use a search filter to exclude objects in the CvsGroup based on some unique attr of the objects therein. This may not be feasible for your environment.

Xavier_MOGHRABI · May 9, 2006, 3:12pm

Hi

The 2nd solutions is not applicable since the Group and cvsGroup have the same struture.

Concerning the 1st solution, I don’'t get you.

If I set: baseDN= People and alternateBaseDN= cvsGroup => I have no group available.
If I set: baseDN= cvsGroup and altenateBaseDN= People => I have no people and I can’'t login.

Regards