[GH-ISSUE #18] Memberof not populating #10

Closed
opened 2026-02-27 16:47:38 +03:00 by kerem · 3 comments
Owner

Originally created by @cybrrnick on GitHub (Sep 23, 2020).
Original GitHub issue: https://github.com/rroemhild/docker-test-openldap/issues/18

Hello, looks like memberof configuration is not populating under user records. Is that expected or is there anything needed to be done to get that to work?

Originally created by @cybrrnick on GitHub (Sep 23, 2020). Original GitHub issue: https://github.com/rroemhild/docker-test-openldap/issues/18 Hello, looks like memberof configuration is not populating under user records. Is that expected or is there anything needed to be done to get that to work?
kerem closed this issue 2026-02-27 16:47:38 +03:00
Author
Owner

@satterly commented on GitHub (Nov 3, 2020):

It works for this LDAP search...

$ ldapsearch -H ldap://localhost:389 \
  -D cn=admin,dc=planetexpress,dc=com \
  -w GoodNewsEveryone \
  -b "ou=people,dc=planetexpress,dc=com" \
  -s sub \
  "(&(uid=professor)(objectClass=inetOrgPerson))" \
  "memberOf"
ldap_initialize( ldap://localhost:389/??base )
filter: (&(uid=professor)(objectClass=inetOrgPerson))
requesting: memberOf
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=planetexpress,dc=com> with scope subtree
# filter: (&(uid=professor)(objectClass=inetOrgPerson))
# requesting: memberOf
#

# Hubert J. Farnsworth, people, planetexpress.com
dn: cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
memberOf: cn=admin_staff,ou=people,dc=planetexpress,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

What search filter are you using?

<!-- gh-comment-id:721337914 --> @satterly commented on GitHub (Nov 3, 2020): It works for this LDAP search... ``` $ ldapsearch -H ldap://localhost:389 \ -D cn=admin,dc=planetexpress,dc=com \ -w GoodNewsEveryone \ -b "ou=people,dc=planetexpress,dc=com" \ -s sub \ "(&(uid=professor)(objectClass=inetOrgPerson))" \ "memberOf" ldap_initialize( ldap://localhost:389/??base ) filter: (&(uid=professor)(objectClass=inetOrgPerson)) requesting: memberOf # extended LDIF # # LDAPv3 # base <ou=people,dc=planetexpress,dc=com> with scope subtree # filter: (&(uid=professor)(objectClass=inetOrgPerson)) # requesting: memberOf # # Hubert J. Farnsworth, people, planetexpress.com dn: cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com memberOf: cn=admin_staff,ou=people,dc=planetexpress,dc=com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 ``` What search filter are you using?
Author
Owner

@stiller-leser commented on GitHub (Nov 27, 2020):

I suppose the issue is a little different. While you can request the attribute with @satterly's ldapsearch the memberOf attribute is never returned for inetOrgPerson for a ldapsearch that is not requesting it. All other fields are.

Trying to add it into https://github.com/rroemhild/docker-test-openldap/blob/master/bootstrap/config/msad.ldif#L19 results in

ldap_modify: Other (e.g., implementation specific) error (80)
        additional info: olcObjectClasses: AttributeType not found: "memberOf"
<!-- gh-comment-id:734864691 --> @stiller-leser commented on GitHub (Nov 27, 2020): I suppose the issue is a little different. While you can request the attribute with @satterly's `ldapsearch` the `memberOf` attribute is never returned for `inetOrgPerson` for a `ldapsearch` that is not requesting it. All other fields are. Trying to add it into https://github.com/rroemhild/docker-test-openldap/blob/master/bootstrap/config/msad.ldif#L19 results in ``` ldap_modify: Other (e.g., implementation specific) error (80) additional info: olcObjectClasses: AttributeType not found: "memberOf" ```
Author
Owner

@rroemhild commented on GitHub (Jan 3, 2021):

Hi @nikirago, memberof is an operation attribute and not returned by the server per default. You can return it explicit as in the example from @satterly or add the + sign at the end of your ldapsearch command:

ldapsearch -H ldap://localhost:10389 \
    -D cn=admin,dc=planetexpress,dc=com \
    -w GoodNewsEveryone \
    -b "ou=people,dc=planetexpress,dc=com" \
    -s sub "(&(uid=professor)(objectClass=inetOrgPerson))" +

I'll close this issue. Feel free to re-open it if you still can't get the memberOf attribute.

<!-- gh-comment-id:753645678 --> @rroemhild commented on GitHub (Jan 3, 2021): Hi @nikirago, `memberof` is an operation attribute and not returned by the server per default. You can return it explicit as in the example from @satterly or add the `+` sign at the end of your ldapsearch command: ```sh ldapsearch -H ldap://localhost:10389 \ -D cn=admin,dc=planetexpress,dc=com \ -w GoodNewsEveryone \ -b "ou=people,dc=planetexpress,dc=com" \ -s sub "(&(uid=professor)(objectClass=inetOrgPerson))" + ``` I'll close this issue. Feel free to re-open it if you still can't get the `memberOf` attribute.
Sign in to join this conversation.
No labels
pull-request
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-test-openldap#10
No description provided.