How To Install and Configure an LDAP Proxy-Cache Server

The Proxy Cache Engine

How To Install and Configure an LDAP Proxy-Cache Server

Configuring LDAP Proxy Server with multiple AD/LDAP Servers

Control Directory Services with LDAP Proxy

Real detailed description of LDAP BAckend The LDAP backend (How do I setup/configure back-ldap?)

Configuring LDAP server

Quick-Start Guide

Configuring slapd

Configuring an LDAP Server

memberof

Статические группы: наложение memberof , много практической информации по memberof

Статические группы: наложение memberof Статические группы: наложение memberof

OpenLDAP memberOf overlay OpenLDAP memberOf overlay

man: slapo-memberof

ldap filter examples

C.2. LDAP Filters and Attributes for Users, Groups, and Containers

How to write LDAP search filters

Ldap extending schema Extending schema

https://github.com/abbra/freeipa-userstatus-plugin is kind of canonical example I made to demonstrate how to extend a schema, a CLI, and a web UI, in addition to packaging this properly for an RPM-based distribution. It is a fully-working plugin.

A user status plugin example for freeIPA

---

/usr/local/etc/openldap/slapd.conf

cat slapd.conf.tested include /usr/local/etc/openldap/schema/core.schema

yar added

include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/openldap.schema

pidfile /usr/local/var/run/slapd.pid argsfile /usr/local/var/run/slapd.args

Load dynamic backend modules:

yar added

moduleload rwm moduleload memberof.la

database config

#######################################################################

META Database Definitions

#######################################################################

Database

database meta suffix "dc=proxy,dc=com" rootdn "cn=manager,dc=proxy,dc=com" rootpw secret

readonly yes

LDAP 1

uri "ldap://ipa1.core.idenon.com:389/dc=proxy,dc=com"

lastmod off suffixmassage "dc=proxy,dc=com" "dc=core,dc=idenon,dc=com" idassert-bind bindmethod=simple binddn="uid=admin,cn=users,cn=accounts,dc=core,dc=idenon,dc=com" credentials="supersecret1" mode=none flags=non-prescriptive idassert-authzFrom "dn.exact:cn=manager,dc=proxy,dc=com"

#LDAP 2

uri "ldap://ipa02-dzento-v.dzento.com/dc=proxy,dc=com" suffixmassage "dc=proxy,dc=com" "dc=dzento,dc=com" idassert-bind bindmethod=simple binddn="uid=y.sobolevsky,cn=users,cn=accounts,dc=dzento,dc=com" credentials="supersecret2" mode=none flags=non-prescriptive idassert-authzFrom "dn.exact:cn=manager,dc=proxy,dc=com"

yar added

overlay memberof

ldapsearch -h 127.0.0.1 -b dc=proxy,dc=com -D cn=manager,dc=proxy,dc=com -w \secret uid=yaruser * memberOf