Adding to a Group Membership via LDAP

Novell Cool Solutions: Tip

Posted: 8 Dec 2004

A Forum reader recently asked: "Is it possible to add a person to a group membership using only an LDAP tool? I know that you must modify the user's groupmemberships and the Groups members, but I can't get it to work and I don't want to use LDIF. Can anyone point me in the right direction?"

And here are some of the responses from our Forum experts:

There are actually 4 attributes that need to be modified. Of course, you still need to use the LDAP attribute names. Here's what you need to do:

  1. Add the User to the Member attribute of the Group object
  2. Add the User to the Equivalent To Me attribute of the Group object
  3. Add the Group to the Group Membership attribute of the User object
  4. Add the Group to the Security Equals attribute of the User object

You can pass the attributes that need to be changed directly to ldapmodify. The procedure for doing this is described below:

  1. Start ldapmodify and enter your password.
  2. For example:
    ldapmodify -x -D cn=admin,dc=suse,dc=de -W (Enter LDAP password:)
  3. Enter the changes, carefully complying with the syntax in the order shown below:
    dn: cn=Tux Linux,ou=devel,dc=suse,dc=de
    changetype: modify
    replace: telephoneNumber
    telephoneNumber: +49 1234 567-10

The best way to figure out what exactly needs to be changed in an LDIF file is to do the following:

  1. Export a test user.
  2. Make the change.
  3. Export the user again.
  4. Compare the before and after LDIFs and create a Modification Template.
  5. Create the modification LDIF file.

I usually use a Microsoft Word document for the template, then put the data into an Excel spreadsheet and do a Mail Merge.
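
The four changes listed above, generated as input for ldapmodify. This is an added example, not part of the original forum replies. It assumes the default eDirectory LDAP attribute names (member, equivalentToMe, groupMembership, securityEquals), and the group DN is a constructed sample. Values merged from a spreadsheet or other outside source are base64-encoded whenever they are not LDIF-safe, so a stray line break or non-ASCII name in a DN cannot turn into an extra LDIF record:

```python
import base64
import re

# RFC 2849 SAFE-STRING: the first character may not be space, ':' or '<',
# and NUL, CR, LF and non-ASCII bytes are not allowed anywhere.
_SAFE = re.compile(
    r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
    r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' if value is not LDIF-safe."""
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def modify_record(dn, changes):
    """Build one 'changetype: modify' record from [(attribute, value), ...]."""
    lines = [ldif_line("dn", dn), "changetype: modify"]
    for attr, value in changes:
        # Each modification ends with a line holding a single '-'.
        lines += [f"add: {attr}", ldif_line(attr, value), "-"]
    return "\n".join(lines) + "\n"


def group_add_ldif(user_dn, group_dn):
    """LDIF for all four changes: two on the Group, two on the User."""
    if not user_dn or not group_dn:
        raise ValueError("user DN and group DN are both required")
    group = modify_record(group_dn, [("member", user_dn),
                                     ("equivalentToMe", user_dn)])
    user = modify_record(user_dn, [("groupMembership", group_dn),
                                   ("securityEquals", group_dn)])
    return group + "\n" + user  # a blank line separates the two records


if __name__ == "__main__":
    # Constructed sample DNs in the dc=suse,dc=de tree used on this page.
    print(group_add_ldif("cn=Tux Linux,ou=devel,dc=suse,dc=de",
                         "cn=developers,ou=devel,dc=suse,dc=de"), end="")
```

The output can be piped straight into the ldapmodify command shown earlier, so no LDIF file has to be written by hand.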
