<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Please find additional information on the configuration of the blog system<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>My configuration:<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>AuthenticationModule LDAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPAuthURL ldap://xxxxx:389/dc=sf4u,dc=com?mail<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPAuthBindDN cn=Directory Manager (will replace with application user account once phase one integration is completed)<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPAuthPassword xxxxxx<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPAuthSASLMechanism PLAIN (note SSL not yet configured)<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>ExternalUserManagement 1<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>ExternalGroupManagement 1<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>ExternalUserSyncFrequency 60<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPGroupNameAttribute cn<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPGroupIdAttribute nsUniqueId<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPGroupFullNameAttribute cn<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPGroupMemberAttribute memberof<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPGroupSearchBase ou=customers,dc=xxx,dc=com<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPGroupFilter (objectclass=ldapSubEntry)<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPUserIdAttribute uid<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPUserEmailAttribute mail<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPUserFullNameAttribute cn<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>LDAPUserGroupMemberAttribute nsrole<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>The default settings for OpenLDAP installations are:<o:p></o:p></span></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><thead><tr><td valign=top style='border:solid #DDDDDD 1.0pt;background:#F0F0F0;padding:3.75pt 11.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#003366;mso-fareast-language:EN-GB'>Stage 1<o:p></o:p></span></b></p></td><td valign=top style='border:solid #DDDDDD 1.0pt;border-left:none;background:#F0F0F0;padding:3.75pt 11.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#003366;mso-fareast-language:EN-GB'> <o:p></o:p></span></b></p></td></tr></thead><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>Authentication URL</span></b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>ldap://<FQDN of LDAP server>:389/dc=xxxx,dc=com?mail<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>Authentication DN</span></b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>Authentication Password</span></b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>Password <o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>Test Username</span></b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>Test email address<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>Test Password</span></b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>Password for test user<o:p></o:p></span></p></td></tr></table><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><thead><tr><td valign=top style='border:solid #DDDDDD 1.0pt;background:#F0F0F0;padding:3.75pt 11.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#003366;mso-fareast-language:EN-GB'>Stage 2<o:p></o:p></span></b></p></td><td valign=top style='border:solid #DDDDDD 1.0pt;border-left:none;background:#F0F0F0;padding:3.75pt 11.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#003366;mso-fareast-language:EN-GB'> <o:p></o:p></span></b></p></td></tr></thead><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>Group Search Base Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>dc=xxx,dc=com<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>Group Filter Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#333333;background:white'>(objectClass=groupOfUniqueNames)</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td></tr></table><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><thead><tr><td valign=top style='border:solid #DDDDDD 1.0pt;background:#F0F0F0;padding:3.75pt 11.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#003366;mso-fareast-language:EN-GB'>Attributes<o:p></o:p></span></b></p></td><td valign=top style='border:solid #DDDDDD 1.0pt;border-left:none;background:#F0F0F0;padding:3.75pt 11.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><b><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#003366;mso-fareast-language:EN-GB'>OpenLDAP<o:p></o:p></span></b></p></td></tr></thead><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>User ID Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>entryUUID<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>Email Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>mail<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>User Fullname Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>cn<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>User Member Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>uid<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>GroupID Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>entryUUID<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>Group Name Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>cn<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>Group Fullname Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>cn<o:p></o:p></span></p></td></tr><tr><td valign=top style='border:solid #DDDDDD 1.0pt;border-top:none;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#2B2B2B;mso-fareast-language:EN-GB'>Group Member Attribute</span><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p></td><td valign=top style='border-top:none;border-left:none;border-bottom:solid #DDDDDD 1.0pt;border-right:solid #DDDDDD 1.0pt;padding:3.75pt 5.25pt 3.75pt 5.25pt'><p class=MsoNormal style='line-height:13.0pt'><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#333333;mso-fareast-language:EN-GB'>memberUid<o:p></o:p></span></p></td></tr></table><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"><span style='color:#1F497D'><o:p> </o:p></span></a></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-GB'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-GB'> Andy [mailto:racingyacht1@gmail.com] <br><b>Sent:</b> 31 August 2013 13:43<br><b>To:</b> '389-users@lists.fedoraproject.org'<br><b>Subject:</b> Membership of Roles<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hello<o:p></o:p></p><p class=MsoNormal>I am testing integration of 389-ds with a blogging system. I plan to use roles instead of groups to automatically give users rights to service on the blog system. However, I am having problems with the system identifying members of roles. I need help with defining the correct search parameters to identify which roles a uid or cn is a member of.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>From within the blog system I’m using LDAPGroupFilter (objectclass=ldapSubEntry) to list the roles. The roles list correctly as groups within the blog system. <o:p></o:p></p><p class=MsoNormal>From within 389 the members of roles are configured as filtered, and I can see the configured members using the Directory Server GUI.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The blog system is not identifying members of roles when it does its search against 389. Note, users can log into the blog system using the accounts created on 389. I don’t think I am applying the correct search criteria to identify group membership. I need advice on creation of the correct search criteria for membership of roles/groups. <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Sample log from access<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=0 BIND dn="cn=Directory Manager" method=128 version=3<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=1 SRCH base="dc=xxxx,dc=com" scope=2 filter="(&(<a href="mailto:mail=testuser16@xxxx.com)(objectClass=*))">mail=testuser16@xxxx.com)(objectClass=*))</a>" attrs="distinguishedName"<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=1 RESULT err=0 tag=101 nentries=1 etime=0<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=2 BIND dn="uid=1000016,ou=Customers,dc=xxxx,dc=com" method=128 version=3<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=1000016,ou=customers,dc=xxxx,dc=com"<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=3 BIND dn="cn=Directory Manager" method=128 version=3<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=4 SRCH base="dc=xxxx,dc=com" scope=2 filter="(&(<a href="mailto:mail=testuser16@xxxx.com)(objectClass=*))">mail=testuser16@xxxx.com)(objectClass=*))</a>" attrs="uid mail cn mail distinguishedName"<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=4 RESULT err=0 tag=101 nentries=1 etime=0<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=5 SRCH base="dc=xxxx,dc=com" scope=2 filter="(|(uid=1000016))" attrs="nsRole"<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=5 RESULT err=0 tag=101 nentries=1 etime=0<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=6 SRCH base="ou=customers,dc=xxxx,dc=com" scope=2 filter="(&(|(member=cn=xxxxrolecommentertest,ou=customers,dc=xxxx,dc=com))(objectClass=ldapSubEntry))" attrs="cn cn member nsUniqueId"<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=6 RESULT err=0 tag=101 nentries=0 etime=0<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=7 UNBIND<o:p></o:p></p><p class=MsoNormal>[31/Aug/2013:11:09:39 +0100] conn=265 op=7 fd=68 closed - U1<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>