I would migrate the schema too. Seems to be the correct thing to do... Nick
On Mon, Nov 1, 2021 at 12:15 PM Keith LeValley <[email protected]> wrote: > Good afternoon, > > I am working to migrate my LDAP setup to openldap, however I have run into > a problem around group membership. > > Specifically my old instance of ldap used the attribute "groupMembership" > and I need to support this moving forward, so if you were to query the > attribute "groupMembership" it needs to return the groups the user is part > of. > > Currently in my test environment I have the memberof overlay working, and > I found the option > > *memberof-memberof-ad* > > which should allow me to create a custom attribute named "groupMembership" > and point the overlay at that attribute. I am really hoping to avoid this > though and would much rather have a cleaner solution. Maybe some type of > interface that just acts as a pointer to the memberof attribute when they > query groupMembership? But I am not familiar enough with openldap to know > whether this is even possible. > > So I guess my question is; is the custom attribute going to be the > solution here or is there another tool that I am unaware of? > > -- > Keith LeValley > Identity Services Architect, Davenport University > phone: (616) 732-1102 > [email protected] >
