Re: [389-users] memberOf attribute and plugin behaviour between sub-suffixes.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 05/22/2011 11:41 PM, Juan Carlos Camargo Carrillo wrote:
Thanks for answering. Here you go:

# MemberOf Plugin, plugins, config
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin
Thanks. It looks as though memberOf does not work across sub-suffix/backend boundaries.


El vie, 20-05-2011 a las 08:53 -0600, Rich Megginson escribiÃ:
On 05/20/2011 01:56 AM, Juan Carlos Camargo Carrillo wrote:
Is the memberOf attribute handling by the memberOf plugin limited to objects inside the same subsuffix?
If it's not planned as such please doublecheck this behaviour within the following scenario:

- suffix dc=directory,dc=org
- subsuffix ou=users,dc=directory,dc=org
- subsuffix ou=testing,ou=users,dc=directory,dc=org

We have then three databases. They're not replicated. The membefOf plugin works only with elements (users and groups) that belong to the same subsuffix. But not between different subsuffixes. As such, if you make a user of ou=testing... member of a group of ou=users then the plugin will not populate the memberOf attribute for that user.

The same here:
- subsuffix ou=users,dc=example,dc=com
- subsuffix ou=grupos,dc=example,dc=com

Here the plugin wont work either. If you make a user inside ou=users member of a group inside ou=groups then the value of memberOf wont be populated.

If you set debug to heavy trace, you'll see that the plugin runs in every situation but:
1.- when the objects belong to the same subsuffix, adding one membership triggers the memberOf plugin to "ldap replace" values, which is correct.
2.- when the objects belong to different subsuffix, adding one membership triggers the memberOf plugin to "ldap REMOVE" values, which amazes me.
Can you post your memberOf plugin configuration?


DS 1.2.8.2 CentOS5. 
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users




--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux