1

I'm using spring ldap with OpenDJ and was not able to set the attribute isMemberOf or memberOf for the person. Also, I'm having problem to get createdTimestamp and modifiedTimestamp attributes for the person. Please help

user2205421
  • 11
  • 1
  • 5

2 Answers2

0

The createTimeStamp and modifyTimeStamp LDAP attributes are by specification Operational and read-only: they are set automatically by the server when the entry is created (LDAP ADD operation) or modified.

The isMemberOf is also an operational and read-only attribute in OpenDJ. It is a backlink between a Group and a user. It's computed on the fly, based on Static or Dynamic group. Add the user DN to a group, and you will be able to read the isMemberOf attribute in the user entry.

Ludovic Poitou
  • 4,788
  • 2
  • 21
  • 30
  • 1
    I'm using OpenDJ version 2.5 xpress and Apache Directory Studio, when I added a user using cn instead of uid to a group, it shows the user is a member of a group, but there is no attribute from a user shows that the user isMemberOf this group. also can you give me an example on how to get a operation field from OpenDJ? – user2205421 May 17 '16 at 22:03
  • isMemberOf is an operational attribute and must be specifically requested. I believe that Apache Directory Studio does not request operational attributes by default. – Ludovic Poitou May 19 '16 at 14:05
0

In my implementation, which currently uses Spring LDAP repositories (spring-boot-starter-data-ldap version 3.0.0-M3) and Oracle Unified Directory (OUD), I was able to fetch the operational attribute isMemberOf by simply including the @Attribute annotation on the appropriate user property.

For example:

@Entry(...)
public class AppUser implements UserDetails {
    
    // ... other fields ...

    @Attribute(name = "isMemberOf")
    private List<String> groups;

    // ... getters/setters ...

}

@Repository
public interface AppUserRepository extends LdapRepository<AppUser> {
}

By fetching a user with the repository's findOne() method, and without any additional configuration, it correctly populated the groups property. However, as mentioned in the other answer, it's read-only; to set the isMemberOf, you would need to add the user DN to any relevant groups.

Nathan Karasch
  • 198
  • 1
  • 8