On 11/23/2010 12:34 PM, Nathan Kinder wrote: > On 11/23/2010 08:56 AM, Andrey Ivanov wrote: >> Hi Rich, >> >> I have two issues with this new version (that i have compiled from the >> git sources) >> >> here is the first issue : >> >> there were some changes to the memberfo plugin (Bug 620927) that added >> a more rigorous verification of memberofgroupattr parameter of >> MemberOf plugin. We use the uniqueMember/memberOf attribute pair to >> manage our groups and backlinks. This configuration does not work with >> the 1.2.7 server : >> >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - Error 53: The >> uniqueMember configuration attribute must be set to an attribute >> defined to use the Distinguished Name syntax. (illegal value: >> memberOfGroupAttr) >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed >> (DSA is unwilling to perform) >> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin >> MemberOf Plugin >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf >> plugin instance can be used >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed >> (Bad parameter to an ldap routine) >> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin >> MemberOf Plugin >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf >> plugin instance can be used >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed >> (Bad parameter to an ldap routine) >> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin >> MemberOf Plugin >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf >> plugin instance can be used >> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed >> (Bad parameter to an ldap routine) >> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin >> MemberOf Plugin >> [23/Nov/2010:17:32:51 +0100] - Error: Failed to resolve plugin dependencies >> [23/Nov/2010:17:32:51 +0100] - Error: postoperation plugin MemberOf >> Plugin is not started >> >> >> The thing is that uniquemember does not have the DN syntax, it has >> "Name and Optional UID syntax" : >> >> attributeTypes: ( 2.5.4.50 NAME 'uniqueMember' >> EQUALITY uniqueMemberMatch >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 >> X-ORIGIN 'RFC 4519' ) > Please open a bug on this. My current thinking is that we should also > allow the grouping attribute to use this syntax, but you should be aware > that memberOf will not work if you actually have the optional UID part > present. I went ahead and logged a bug for this: https://bugzilla.redhat.com/show_bug.cgi?id=656515 >> Our memberOf configuration: >> dn: cn=MemberOf Plugin,cn=plugins,cn=config >> objectClass: top >> objectClass: nsSlapdPlugin >> objectClass: extensibleObject >> cn: MemberOf Plugin >> nsslapd-pluginPath: libmemberof-plugin >> nsslapd-pluginInitfunc: memberof_postop_init >> nsslapd-pluginType: postoperation >> nsslapd-pluginEnabled: on >> nsslapd-plugin-depends-on-type: database >> memberofgroupattr: uniqueMember >> memberofattr: memberOf >> nsslapd-pluginId: memberof >> nsslapd-pluginVersion: 1.2.7 >> nsslapd-pluginVendor: 389 Project >> nsslapd-pluginDescription: memberof plugin >> >> >> >> The second issue : when using sutup-ds-admin there is a LD_PRELOAD >> libldap60.so error. I used the sources mod_nss-1.0.8.tar.gz, >> 389-admin-1.1.12.a2.tar.bz2 and 389-adminutil-1.1.13.tar.bz2 to >> compile teh admin server. >> >> Creating directory server . . . >> Your new DS instance 'dmz' was successfully created. >> Creating the configuration directory server . . . >> Beginning Admin Server creation . . . >> Creating Admin Server files and directories . . . >> Updating adm.conf . . . >> Updating admpw . . . >> Registering admin server with the configuration directory server . . . >> Updating adm.conf with information from configuration directory server . . . >> Updating the configuration for the httpd engine . . . >> Starting admin server . . . >> output: ERROR: ld.so: object '/libldap60.so' from LD_PRELOAD cannot be >> preloaded: ignored. >> The admin server was successfully started. >> Admin server was successfully created, configured, and started. >> Exiting . . . >> Log file is '/tmp/setupXxX7a5.log' >> >> >> 2010/11/22 Rich Megginson<rmeggins@xxxxxxxxxx>: >>> 389-ds-base-1.2.7 is now in Testing. This release adds some new >>> features and fixes many bugs. Please help us test. The sooner we can >>> get this release tested, the sooner we can push it to Stable and make it >>> generally available. >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/389-users > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
