On 11/23/2010 09:33 AM, Nathan Kinder wrote: > On 11/23/2010 08:56 AM, Andrey Ivanov wrote: >> Hi Rich, >> >> I have two issues with this new version (that i have compiled from the >> git sources) >> >> here is the first issue : >> >> there were some changes to the memberfo plugin (Bug 620927) that added >> a more rigorous verification of memberofgroupattr parameter of >> MemberOf plugin. We use the uniqueMember/memberOf attribute pair to >> manage our groups and backlinks. This configuration does not work with >> the 1.2.7 server : >> >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - Error 53: The >> uniqueMember configuration attribute must be set to an attribute >> defined to use the Distinguished Name syntax. (illegal value: >> memberOfGroupAttr) >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed >> (DSA is unwilling to perform) >> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin >> MemberOf Plugin >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf >> plugin instance can be used >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed >> (Bad parameter to an ldap routine) >> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin >> MemberOf Plugin >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf >> plugin instance can be used >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed >> (Bad parameter to an ldap routine) >> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin >> MemberOf Plugin >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf >> plugin instance can be used >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed >> (Bad parameter to an ldap routine) >> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin >> MemberOf Plugin >> [23/Nov/2010:17:32:51 +0100] - Error: Failed to resolve plugin dependencies >> [23/Nov/2010:17:32:51 +0100] - Error: postoperation plugin MemberOf >> Plugin is not started >> >> >> The thing is that uniquemember does not have the DN syntax, it has >> "Name and Optional UID syntax" : >> >> attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' >> EQUALITY uniqueMemberMatch >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 >> X-ORIGIN 'RFC 4519' ) >> >> Our memberOf configuration: >> dn: cn=MemberOf Plugin,cn=plugins,cn=config >> objectClass: top >> objectClass: nsSlapdPlugin >> objectClass: extensibleObject >> cn: MemberOf Plugin >> nsslapd-pluginPath: libmemberof-plugin >> nsslapd-pluginInitfunc: memberof_postop_init >> nsslapd-pluginType: postoperation >> nsslapd-pluginEnabled: on >> nsslapd-plugin-depends-on-type: database >> memberofgroupattr: uniqueMember >> memberofattr: memberOf >> nsslapd-pluginId: memberof >> nsslapd-pluginVersion: 1.2.7 >> nsslapd-pluginVendor: 389 Project >> nsslapd-pluginDescription: memberof plugin > Prior to 1.2.7, how was this configuration working for you? What sort > of values were you setting in the "uniqueMember" attribute? The > memberOf plug-in really needs a full DN to work, which is why the > restriction to use an attribute with the DN syntax was added. One other note to add is that the syntax of an attribute is taken into account when attribute values are compared. The memberOf plug-in does comparisons like this to detect grouping loops. It is important to use the DN syntax here when we are comparing values that represent DNs, as there are many special rules that pertain to a DN. If an attribute is used that uses some other syntax, the comparisons may not detect two equivalent DNs which could cause a group looping issue. >> >> The second issue : when using sutup-ds-admin there is a LD_PRELOAD >> libldap60.so error. I used the sources mod_nss-1.0.8.tar.gz, >> 389-admin-1.1.12.a2.tar.bz2 and 389-adminutil-1.1.13.tar.bz2 to >> compile teh admin server. >> >> Creating directory server . . . >> Your new DS instance 'dmz' was successfully created. >> Creating the configuration directory server . . . >> Beginning Admin Server creation . . . >> Creating Admin Server files and directories . . . >> Updating adm.conf . . . >> Updating admpw . . . >> Registering admin server with the configuration directory server . . . >> Updating adm.conf with information from configuration directory server . . . >> Updating the configuration for the httpd engine . . . >> Starting admin server . . . >> output: ERROR: ld.so: object '/libldap60.so' from LD_PRELOAD cannot be >> preloaded: ignored. >> The admin server was successfully started. >> Admin server was successfully created, configured, and started. >> Exiting . . . >> Log file is '/tmp/setupXxX7a5.log' >> >> >> 2010/11/22 Rich Megginson<rmeggins@xxxxxxxxxx>: >>> 389-ds-base-1.2.7 is now in Testing. This release adds some new >>> features and fixes many bugs. Please help us test. The sooner we can >>> get this release tested, the sooner we can push it to Stable and make it >>> generally available. >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/389-users > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
