Jonathan,
That worked for me too.... so I just added all users into a group (any group) and all users received the memberof attribute for all groups.
Noriko,
This query returns all users on my LDAP (all users have inetuser class).
Alberto Viana
On Wed, Jul 16, 2014 at 2:46 PM, Jonathan Vaughn <jonathan@xxxxxxxxxxxxx> wrote:
I'm not sure what version we were starting on at the time, but back when we first tried it we didn't have any results with the fixup-memberof.pl script. No errors, just didn't appear to do anything.However, we worked around this by just going into any group that a given user was in, removing them from the group, then adding them, and just this one change for the user caused memberOf plugin to rebuild their entire group membership into memberOf values for all groups they were in (and going forward memberOf has always worked right away because it was already enabled from that point forward). We just had to repeat this once for each then-existing user, and since then everything has "just worked".
On Tue, Jul 15, 2014 at 7:15 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:Alberto,
Alberto Viana wrote:
I'm not sure why. The fix=memberof.pl is supposed to do the following task.Noriko,
Changing that config, if I remove and add again the user in a group worked....but the fixup-memberof.pl didn't.
* 1. Remove all present memberOf values
* 2. Add direct group membership memberOf values
* 3. Add indirect group membership memberOf values
The default filter the utility uses is "(|(objectclass=inetuser)(objectclass=inetadmin))".
If you run ldapsearch -x -D "cn=Directory Manager" -w - -b "OU=my,dc=mydc,dc=local" "(|(objectclass=inetuser)(objectclass=inetadmin))", what does the command line return?As long as your group entry is groupofuniquenames, yes, you need to.
Is there any easy way to update this info on all users?
Another question:
Should I always change this parameter?
I'm asking that because I'm planning to update my 389 to a newer version (due to a db2bak.pl problem that was fixed in this newer version)
Alberto Viana
On Thu, Jul 10, 2014 at 5:16 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
Alberto,
Alberto Viana wrote:
Could you try again after replacing the memberofgroupattr value member with uniqueMember?Noriko,
dn: uid=alberto.viana,ou=IT,dc=mydc,dc=local
objectClass: topobjectClass: personobjectClass: organizationalpersonobjectClass: inetOrgPersonobjectClass: ntUserobjectClass: eduPersonobjectClass: brPersonobjectClass: schacPersonalCharacteristicsobjectClass: pwmUserobjectClass: inetuserntUserLastLogoff: 0ntUserDeleteAccount: trueuid: alberto.vianasn: VianagivenName: Albertocn: Alberto Viana
dn: cn=GRP_SRV_WIKI_CONFLUENCE,OU=GROUPS,dc=mydc,dc=localuniqueMember: uid=alberto.viana,ou=IT,dc=mydc,dc=localobjectClass: topobjectClass: groupofuniquenamesobjectClass: ntGroupntGroupDeleteGroup: truecn: GRP_SRV_WIKI_CONFLUENCEntUserDomainId: GRP_SRV_WIKI_CONFLUENCE
Here's my plugin config:# MemberOf Plugin, plugins, configdn: cn=MemberOf Plugin,cn=plugins,cn=configobjectClass: topobjectClass: nsSlapdPluginobjectClass: extensibleObjectcn: MemberOf Pluginnsslapd-pluginPath: libmemberof-pluginnsslapd-pluginInitfunc: memberof_postop_initnsslapd-pluginType: betxnpostoperationnsslapd-pluginEnabled: onnsslapd-plugin-depends-on-type: databasememberofgroupattr: membermemberofattr: memberOfnsslapd-pluginId: memberofnsslapd-pluginVersion: 1.3.2.13nsslapd-pluginVendor: 389 Projectnsslapd-pluginDescription: memberof plugin
If you need something else, just let me know.
On Thu, Jul 10, 2014 at 4:54 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
Alberto,
Alberto Viana wrote:
It was a question from Mark :), but thanks for your response. So, you don't get any particular errors or warnings in your error log... Would you mind sharing a typical user and a group entry? Of course you could cleanse the "name" part.Noriko,
Just to let you know that was a totally fresh instalation and I imported my userRoot database, so I dont think so.
Here's my plugin config:# MemberOf Plugin, plugins, configdn: cn=MemberOf Plugin,cn=plugins,cn=configobjectClass: topobjectClass: nsSlapdPluginobjectClass: extensibleObjectcn: MemberOf Pluginnsslapd-pluginPath: libmemberof-pluginnsslapd-pluginInitfunc: memberof_postop_initnsslapd-pluginType: betxnpostoperationnsslapd-pluginEnabled: onnsslapd-plugin-depends-on-type: databasememberofgroupattr: membermemberofattr: memberOfnsslapd-pluginId: memberofnsslapd-pluginVersion: 1.3.2.13nsslapd-pluginVendor: 389 Projectnsslapd-pluginDescription: memberof plugin
I have 2 389DS with this version (replication enabled), the same behavior in both.
Thanks
On Thu, Jul 10, 2014 at 4:29 PM, Mark Reynolds <mareynol@xxxxxxxxxx> wrote:
Can you verify your memberOf settings are still correct(memberofgroupattr, etc)? Maybe something got overwritten during the upgrade?
On 07/10/2014 02:35 PM, Alberto Viana wrote:
Noriko,
=====================# fixup-memberof.pl -D "cn=Directory Manager" -w - -b "OU=my,dc=mydc,dc=local"Bind Password:Successfully added task entry "cn=memberOf_fixup_2014_7_10_15_25_29, cn=memberOf task, cn=tasks, cn=config"=====================
It Removed all memberof entries for my user...is the expected behavior?
Even if remove the user from a group and add it again, its not working.
Thanks
On Thu, Jul 10, 2014 at 3:20 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
What happens if you run this utility?
/usr/lib[64]/dirsrv/slapd-YOURID/fixup-memberof.pl
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Perl_Scripts.html#fixup-memberof.pl
Then, continue updating your user in a group?
Thanks,
--noriko
Alberto Viana wrote:
Hi,
389-Directory/1.3.2.13 B2014.141.1513
I recently updated my server to 1.3.2.13 and the "memberof" plugin is not working as expected, it's not updating my user "memberOf" attribute whe I put a user in a group.
How can I debug it?
I tried to set my nsslapd-errorlog-level to 65536 but could not find any useful information.
Thanks
Alberto Viana
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
