automembership plugin questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Guys,

I try to get the automembership plugin configured and running in the right way, 
but it still causes some headaches.


I'm running CentOS 6.7 and the following 389 packages:

389-ds-base-1.2.11.15-69.el6_7.x86_64
389-ds-base-libs-1.2.11.15-69.el6_7.x86_64


I followed the guide at

http://directory.fedoraproject.org/docs/389ds/design/automember-design.html

and created a group, where the members should be automatically added:


dn: cn=users,ou=app,ou=groups,dc=example,dc=com
description: users group
objectClass: top
objectClass: groupofnames
cn: users


And the corresponding auto membership plugin entry:


dn: cn=users,cn=Auto Membership Plugin,cn=plugins,cn=config
cn: users
objectclass: top
objectclass: autoMemberDefinition
autoMemberScope: dc=example,dc=com
autoMemberFilter: Team=ops
autoMemberDefaultGroup: cn=users,ou=app,ou=groups,dc=example,dc=com
autoMemberGroupingAttr: member:dn


After that, I added a user who got the Team attribute (own schema extension) 
set to 'ops'


dn: uid=foo,ou=people,dc=example,dc=com
objectClass: top
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: inetorgPerson
objectClass: person
objectClass: shadowAccount
objectClass: ldapPublicKey
objectClass: bopsUser
objectClass: inetuser
uid: foo
uidNumber: 2222
gidNumber: 2222
homeDirectory: /home/foo
loginShell: /bin/bash
cn: foo bar
givenName: foo
sn: bar
gecos: foo bar
mail: foo.bar@xxxxxxxxxxx
Team: ops


A ldapsearch for the groups member attribute shows the user's dn being added 
automatically:

# users, app, groups, bildops.de
dn: cn=users,ou=app,ou=groups,dc=example,dc=com
member: uid=foo,ou=people,dc=example,dc=com


When the user entry is removed, the membership also disappears.
But whenever I just changed the Team attribute of an existing user, the 
membership did not change. 

I found a page describing a rebuild task implemented in the plugin at:

https://fedorahosted.org/389/ticket/20

It worked for me for any existing users, who got the Team attribute set to 
'ops'. The task finds them and puts their dn into the group.

But the opposite way did not work:
I changed the Team's value from 'ops' to 'none' and started the task, but the 
user's dn is still a member of the group. 

Is this the expected behavior?


thank you very much,


cheers, Frank


--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux