Re: MemberOf Plugin - experiences?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/22/2013 10:52 AM, Jonathan Vaughn wrote:
Existing entries are not added automatically when enabling the plugin, you have to either run the fixup-memberof.pl script (if it works for you - it never did anything for us),

This is the documented way to do it.

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof

6.1.4.5. Synchronizing memberOf Values
The MemberOf Plug-in automatically manages the memberOf attribute on group member entries, based on the configuration in the group entry itself. However, the memberOf attribute can be edited on a user entry directly (which is improper) or new entries can be imported or replicated over to the server that have a memberOf attribute already set. These situations create inconsistencies between the memberOf configuration managed by the server plug-in and the actual memberships defined for an entry.
Directory Server has a memberOf repair task which manually runs the plug-in to make sure the appropriate memberOf attributes are set on entries. There are three ways to trigger this task:

    In the Directory Server Console
    Using the fixup-memberof.pl script
    Running a cn=memberof task,cn=tasks,cn=config tasks entry

6.1.4.5.1. Initializing and Regenerating memberOf Attributes Using fixup-memberof.pl
The fixup-memberof.pl script launches a special task to regenerate all of the memberOf attributes on user entries based on the defined member attributes in the group entries. This is a clean-up task which synchronizes the membership defined in group entries and the corresponding user entries and overwrites any accidental or improper edits on the user entries.

    Open the tool directory for the Directory Server instance, /usr/lib/dirsrv/slapd-instance_name/.
    Run the script, binding as the Directory Manager.

    ./fixup-memberof.pl -D "cn=Directory Manager" -w password

The fixup-memberof.pl command is described in more detail in the Configuration and Command-Line Tool Reference.

If it is not working for you, then please describe the steps you took.

or you have to make a change to each pre-existing user to trigger the memberOf updating. The easiest way to do that is to simply create a group and add everyone to it, then remove it (unless of course you actually have a use for said group). If you already have a group with everyone in it, you can probably create a new group, and add that group as a member of the new group. 



On Tue, Oct 22, 2013 at 12:33 AM, Lars Remes <Lars.Remes@xxxxxxxxxx> wrote:
I'm not sure if existing entries are added automatically when you enable the plugin.
I would assume so, but in any case at any time you can run the fix-up task that will sync the attributes.
You can define the scope for the task using a filter, for example, fix only ou=orgunit,ou=People,... branch of the DIT.

--
Lars Remes / Service Quality

lars.remes@xxxxxxxxxx
www.symbio.com


> -----Original Message-----
> From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-
> bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Vesa Alho
> Sent: 21. lokakuuta 2013 15:50
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: MemberOf Plugin - experiences?
>
> On 10/21/2013 01:37 PM, Lars Remes wrote:
> > We are using the memberOf plugin in a global, multi-master-multi-slave
> setup, and so far we have not encountered any major issues.
> >
> > You can easily change the membership attribute, for example, to
> memberUid.
> > MMR is handled by not replicating the memberOf attribute between
> masters, but the attribute IS copied to slaves. Each master runs own instance
> of the plugin.
> >
> > Sometimes you may need to manual launch the fix-up task, but that has
> been quite rare.
> > If necessary, you can schedule it to run periodically.
>
> How does it work for already existing entries if I enable the plugin? Do
> I need add them "manually" or does the plugin add them automatically?
>
> Naturally I will test this well before changing production, but just
> interested what it takes to start using it.
>
> Thanks for replying!
>
> -Vesa
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux