On 11/10/2009 08:35 PM, John A. Sullivan III wrote:
> Hello, all. I'm running CentOS Directory Server 8.1 on CentOS 5.4. For some reason, the memberof plugin does not seem to be working on the replica. My first suspicion is we have done something wrong but I wonder if there is an error in the documentation. Here are the details.
>
> We are a single master setup with a single replica. We noticed some of our LDAP queries were not correctly detecting group membership. We double checked the memberofplugin configuration and, for some reason, it seems to have reverted to looking at member instead of uniquemember. We changed this on the master and our problem went away.
>
> However, in the process of double-checking our steps, we read that the memberof attribute should NOT be replicated. We had not excluded it. So, we destroyed the replication agreement, created a new fractional replication enabled one, and reinitialized the replica. All of the memberof information was missing from all users on the replica.
>
> We then tried to rebuild it by running the fixup-memberof.pl script. That didn't work. We then simply tried deleting users from groups and adding them to see if that would work. It worked fine on the master but not on the replica.
>
> Is the documentation in error and replication of memberof should be excluded only in multimaster but should be propagated to consumers or have we done something wrong? I compared the memberofplugin definitions in dse.ldif on both and they look identical including being enabled. Nothing is jumping out in the error or audit logs.
The only reason for using fractional replication to exclude the memberOf attribute is to avoid any sort of dangling membership issue when using multi-master replication. In your single-master replication setup, you only need to configure the memberOf plug-in on your master, not the replica. You can then safely replicate the memberOf attribute since a single-master replication scenario has no chance for conflicting changes from separate masters. Please open a documentation bug on this so we can get things cleared up in the manuals.
> We eventually added memberof to the replication agreement and resynchronized just to get the data across. We've pulled it back out and, as expected, any changes are not replicating. What are we doing wrong? Where do we look next to troubleshoot it? Thanks - John
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
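
An added example, not part of the thread and not the project's own code: a small Python check that reads a supplier's dse.ldif and flags the two conditions discussed above, the plugin's group attribute not matching the one groups actually use, and memberOf being excluded from the agreement in a single-master topology. The LDIF fragment is constructed, and the function names and the `multi_master` and `group_attr_in_use` parameters are hypothetical.

```python
# Constructed dse.ldif fragment resembling the setup in the thread (not real data).
SAMPLE_DSE = """\
dn: cn=MemberOf Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: on
memberofgroupattr: member

dn: cn=to-replica,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberOf
"""

def parse_entries(ldif):
    """Parse unfolded 'attr: value' LDIF into dicts keyed by lower-cased attribute."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def memberof_settings(entries):
    """Return (enabled, group_attr) from the MemberOf plugin entry."""
    for e in entries:
        if e.get("dn", [""])[0].lower().startswith("cn=memberof plugin,"):
            enabled = e.get("nsslapd-pluginenabled", ["off"])[0].lower() == "on"
            return enabled, e.get("memberofgroupattr", [None])[0]
    return False, None

def excludes_memberof(entries):
    """True if a replication agreement names memberOf after EXCLUDE."""
    return any("memberof" in v.partition("EXCLUDE")[2].lower().split()
               for e in entries for v in e.get("nsds5replicatedattributelist", []))

def audit(supplier_ldif, multi_master, group_attr_in_use):
    """Hypothetical helper: list findings for the supplier's memberOf setup."""
    entries = parse_entries(supplier_ldif)
    enabled, group_attr = memberof_settings(entries)
    excluded = excludes_memberof(entries)
    findings = []
    if not enabled:
        findings.append("memberOf plugin is not enabled on the supplier")
    if group_attr and group_attr.lower() != group_attr_in_use.lower():
        findings.append(f"plugin watches {group_attr}, groups use {group_attr_in_use}")
    if excluded and not multi_master:
        findings.append("single master: agreement excludes memberOf, replica gets none")
    if multi_master and not excluded:
        findings.append("multi-master: memberOf is replicated, exclude it")
    return findings
```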