Compatibility

Starting with GLAuth 2.1.0:

• it is possible to browse through the server’s tree using LDAP clients
• scopes (base, one, sub) are supported and behave (mostly) as expected
• whenever necessary, organizational units ("ou") are utilized
• groups are available both as posixgroup and groupOfUniqueNames entities

Enabling Compatibility Mode

In order to prevent breaking existing setups, some of these changes are not enabled by default. To switch to full compatibility mode, update your configuration file:

1[backend] 
2  datastore = "config"
3  baseDN = "dc=glauth,dc=com"
4  nameformat = "cn" 
5  groupformat = "ou"
[backend] # [tl! focus]
  datastore = "config"
  baseDN = "dc=glauth,dc=com"
  nameformat = "cn" # [tl! focus:1]
  groupformat = "ou"

Note that cn is already the default search attribute. You can use instead uid or ou and, as long as your bind DN if configured accordingly, you will be able to browse/search the directory.

Noticeable changes

When browsing/querying with specific scope…

Searching from a top level, dn refers to the correct path:

1dn: cn=hackers,ou=superheros,c=glauth,dc=com 
2dn: cn=hackers,ou=superheros,ou=users,dc=glauth,dc=com 
3dn: cn=hackers,ou=superheros,dc=glauth,dc=com 
4dn: cn=hackers,ou=superheros,ou=groups,dc=glauth,dc=com 
dn: cn=hackers,ou=superheros,c=glauth,dc=com # [tl! --]
dn: cn=hackers,ou=superheros,ou=users,dc=glauth,dc=com # [tl! ++]
dn: cn=hackers,ou=superheros,dc=glauth,dc=com # [tl! --]
dn: cn=hackers,ou=superheros,ou=groups,dc=glauth,dc=com # [tl! ++]

Membership refers to organizational units:

1memberOf: cn=superheros,ou=groups,dc=glauth,dc=com 
2memberOf: ou=superheros,ou=groups,dc=glauth,dc=com 
memberOf: cn=superheros,ou=groups,dc=glauth,dc=com # [tl! --]
memberOf: ou=superheros,ou=groups,dc=glauth,dc=com # [tl! ++]

Top-level classes are reporting their class hierarchy correctly:

1objectClass: posixGroup
2objectClass: top 
objectClass: posixGroup
objectClass: top # [tl! ++]

• Quick Start
• Introduction