While testing memberOf LDAP filter, I discovered (thanks to @danlavu ) that memberOf plugin was disabled.
After enabling it and restarting the LDAP service it worked! I performed some tests and it didn't affect rfc2307bis = false tests (as far as I see).
Here is the tests that I did:
u1 = provider.user("user1").add()
u2 = provider.user("user2").add()
u3 = provider.user("user3").add()
provider.group("group1", rfc2307bis=True).add().add_member(u1)
provider.group("group2").add().add_member(u2)
provider.group("group3").add().add_members([u1, u2, u3])
And here is the LDAP structure output for groups:
dn: cn=group1,ou=groups,dc=ldap,dc=test
objectClass: groupOfNames
objectClass: posixGroup
cn: group1
member: cn=user1,ou=users,dc=ldap,dc=test
dn: cn=group2,ou=groups,dc=ldap,dc=test
objectClass: posixGroup
gidNumber: 33002
cn: group2
memberUid: user2
dn: cn=group3,ou=groups,dc=ldap,dc=test
objectClass: posixGroup
gidNumber: 33003
cn: group3
memberUid: user1
memberUid: user2
memberUid: user3
And here is the LDAP structure output for users:
dn: cn=user1,ou=users,dc=ldap,dc=test
objectClass: nsMemberOf
objectClass: posixAccount
objectClass: top
cn: user1
gidNumber: 23001
homeDirectory: /home/user1
uid: user1
uidNumber: 23001
memberOf: cn=group1,ou=groups,dc=ldap,dc=test
dn: cn=user2,ou=users,dc=ldap,dc=test
objectClass: posixAccount
objectClass: top
cn: user2
gidNumber: 23002
homeDirectory: /home/user2
uid: user2
uidNumber: 23002
userPassword:: e1NIQTI1Nn1MdEJuWm5sZFdLVHlMVkVhWnk4Z3ByQ1cwLzViVnE4NmRFWjRxY
U5XL1lJPQ==
dn: cn=user3,ou=users,dc=ldap,dc=test
objectClass: posixAccount
objectClass: top
cn: user3
gidNumber: 23003
homeDirectory: /home/user3
uid: user3
uidNumber: 23003
userPassword:: e1NIQTI1Nn1MdEJuWm5sZFdLVHlMVkVhWnk4Z3ByQ1cwLzViVnE4NmRFWjRxY
U5XL1lJPQ==
Based on that, only the groups with rfc2307bis = true have the memberOf relationship.
I believe it is safe to enable the plugin by default - of course I am not an expert in the field, so I count on others to tell me if I am not seeing something.
While testing memberOf LDAP filter, I discovered (thanks to @danlavu ) that memberOf plugin was disabled.
After enabling it and restarting the LDAP service it worked! I performed some tests and it didn't affect rfc2307bis = false tests (as far as I see).
Here is the tests that I did:
And here is the LDAP structure output for groups:
And here is the LDAP structure output for users:
Based on that, only the groups with rfc2307bis = true have the memberOf relationship.
I believe it is safe to enable the plugin by default - of course I am not an expert in the field, so I count on others to tell me if I am not seeing something.