On 05/15/2015 12:36 PM, Ghiurea, Isabella wrote:
HI LIst,
we are seeing some strange behavoiurs in our DS ( members of pluging is enabled)
if we add a user to a group we can't see that new user in group for some minutes /days , the follwing curl returns 0 members in group but ( there were already 2 members+ 1 added )
running same curl command today (2 days later) the
group memberships now show up as expected:
curl -v -u xxxxxx "http://www.ababababababb?
ID=xxxx&IDTYPE=http&ROLE=member"
So, there is something in LDAP which is taking a long time and is affecting group queries.
we wol;d like to know if this can be a case when using 'membership plugin' that aggregates user membership
for reporting?
Firstly, rpm -q 389-ds-base
Are you using IdM/IPA or plain 389?
The best way to test would be to use ldapsearch.
1) Get the user entry before doing some operation to add/remove from group:
ldapsearch -xLLL -D "cn=directory manager" -w "password" -b
"dc=your,dc=base,dc=suffix" "uid=theuserid" \* memberof
2) Perform some sort of operation to modify group membership
whatever that is
3) Get the user entry after:
ldapsearch -xLLL -D "cn=directory manager" -w "password" -b
"dc=your,dc=base,dc=suffix" "uid=theuserid" \* memberof
4) Get the group entry after:
ldapsearch -xLLL -D "cn=directory manager" -w "password" -b
"dc=your,dc=base,dc=suffix" "cn=nameofgroup"
'
Thank you
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
