Description
As an example, using sample-simple.cfg:
Certain programs that use LDAP need to enumerate the groups available.
While I can see that GLAuth creates the uid as memberOf groups, i.e.
memberOf: cn=superheros,ou=groups,dc=glauth,dc=com
It seems you can't list the groups directly like you can with users. Example:
ldapsearch -LLL -H ldap://localhost:389 -D cn=serviceuser,ou=svcaccts,dc=glauth,dc=com -w mysecret -x -bdc=glauth,dc=com ou=superheros
Returns everything from the 'superheros' OU, i.e. the Users listing.
However:
ldapsearch -LLL -H ldap://localhost:389 -D cn=serviceuser,ou=svcaccts,dc=glauth,dc=com -w mysecret -x -bdc=glauth,dc=com ou=groups
Returns nothing. You would expect it to return the group listings etc.
By the same convention you should be able to search a group and return the members with the group. Example:
ldapsearch -LLL -H ldap://localhost:389 -D cn=serviceuser,ou=svcaccts,dc=glauth,dc=com -w mysecret -x -bdc=glauth,dc=com cn=svcaccts,ou=groups,dc=glauth,dc=com
Returns nothing. You would expect the group to be returned with the users of that group etc.
This functionality of search is expected by a lot of programs to correctly configure groups and RBAC based on groups etc.
Hopefully that all makes sense. Thanks Cam.
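
A client-side illustration of the gap described above, added here and not part of the original report or of GLAuth's code: because user entries carry `memberOf`, a consumer can rebuild the group-to-member map from the output of a user search while direct group searches return nothing. The LDIF sample is constructed (not captured from a server) and the function names are hypothetical.

```python
import base64
from collections import defaultdict

# Constructed sample of `ldapsearch -LLL` output. It includes a folded line and
# a base64 ("attr:: value") line, both of which real LDIF output can contain.
B64_GROUP = base64.b64encode(b"cn=superheros,ou=groups,dc=glauth,dc=com").decode()
SAMPLE_LDIF = f"""\
dn: cn=hackers,ou=superheros,dc=glauth,dc=com
memberOf: cn=superheros,ou=groups,dc=glauth,dc=com

dn: cn=serviceuser,ou=svcaccts,dc=glauth,dc=com
memberOf: cn=svcaccts,ou=groups,dc=glauth,
 dc=com

dn: cn=johndoe,ou=superheros,dc=glauth,dc=com
memberOf:: {B64_GROUP}
"""


def parse_ldif(text):
    """Yield one {attribute: [values]} mapping per LDIF entry."""
    # LDIF folds long lines; a continuation line starts with a single space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.lower()].append(value.strip())
        if "dn" in entry:
            yield entry


def groups_from_memberof(text):
    """Invert memberOf on user entries into {group DN: sorted member DNs}."""
    groups = defaultdict(set)
    for entry in parse_ldif(text):
        for group_dn in entry.get("memberof", []):
            groups[group_dn.lower()].add(entry["dn"][0])
    return {group: sorted(members) for group, members in groups.items()}
```

Groups with no members never appear in this map, which is one reason RBAC tooling still needs the server to answer group searches directly.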