[389-users] memberof entries not appearing in replica with memberof plugin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/10/2009 08:35 PM, John A. Sullivan III wrote:
> Hello, all.  I'm running CentOS Directory Server 8.1 on CentOS 5.4.  For
> some reason, the memberof plugin does not seem to be working on the
> replica.  My first suspicion is we have done something wrong but I
> wonder if there is an error in the documentation.  Here are the details.
>
> We are single master setup with a single replica.  We noticed some of
> our LDAP queries were not correctly detecting group membership.  We
> double checked the memberofplugin configuration and, for some reason, it
> seem to have reverted to looking at member instead of uniquemember.  We
> changed this on the master and our problem went away.
>
> However, in the process of double-checking our steps, we read that the
> memberof attribute should NOT be replicated.  We had not excluded it.
> So, we destroyed the replication agreement, created a new fractional
> replication enabled one, and reinitialized the replica.  All of the
> memberof information was missing from all users on the replica.  We then
> tried to rebuild it by running the fixup-memberof.pl script.  That
> didn't work.  We then simply tried deleting users from groups and adding
> them to see if that would work. It worked fine on the master but not on
> the replica.
>
> Is the documentation in error and replication of memberof should be
> excluded only in multimaster but should be propagated to consumers or
> have we done something wrong? I compared the memberofplugin definitions
> in dse.ldif on both and they look identical including being enabled.
> Nothing is jumping out in the error or audit logs.
>    
The only reason for using fractional replication to exclude the memberOf
attribute is to avoid any sort of dangling membership issue when using
multi-master replication.  In your single-master replication setup, you
only need to configure the memberOf plug-in on your master, not the
replica.  You can then safely replicate the memberOf attribute since a
single-master replication scenario has no chance for conflicting changes
from separate masters.

Please open a documentation bug on this so we can get things cleared up
in the manuals.
> We eventually added memberof to the replication agreement and
> resynchronized just to get the data across.  We've pulled it back out
> and, as expected, any changes are not replicating.  What are we doing
> wrong? Where do we look next to troubleshoot it? Thanks - John
>
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux