<br><br><div class="gmail_quote">2009/5/21 John A. Sullivan III <span dir="ltr"><<a href="mailto:jsullivan@opensourcedevel.com">jsullivan@opensourcedevel.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Thank you, Andrey. I did do an updatedb and then locate - no<br>
fixup-member0f.pl - just <a href="http://template.fixup-memberOf.pl" target="_blank">template.fixup-memberOf.pl</a> :-(</blockquote><div>It is very strange. Normally during the server installation the template should be converted to the "normal" perl script.<br>
<br>Have you verified the configuration of the memberOf plugin, especially the arguments/attributes "memberofgroupattr" and "memberofattr" ?<br><br><br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<br>
Unless I'm missing something, you're ldapmodify looks just like mine<br>
except for the cn (I believe the documentation says it can be called<br>
anything) and I did not use a filter (again, I believe the documentation<br>
says it is optional and our dit is still rather small).</blockquote><div>If you do not put the filter into the ldif then the default filter is used : "(objectClass=inetuser)". Do all your user entries include this objectClass (inetuser)? If not, you should add this objectClass to all the entries where you want the memberOf attribute to appear.<br>
<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
I did create a new group and add myself to it as you suggested (thank<br>
you). Surprisingly, it did not appear to work. I did not see a<br>
memberOf attribute populated for me. I then thought I would see if I<br>
need to manually add that attribute to each user (I hope not!) and I did<br>
not see memberOf as an attribute I could add to my user object.</blockquote><div> </div><div>No. You should not add it manually, the memberOf attribute is maintained automatically based on the group membership.<br><br>Do you see any message in error log? There should be something about the impossibility to write the memberof attribute i think.<br>
If you cannot add this attribute manually to your entry it means that your entry does not containe "objectClass: inetuser". Add this objectClass to all the entries that should be "managed" by the plug-in to allow the attribute memberOf to be written to that entries.<br>
<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
I have verified that the plugin is defined in dse.ldif and it is<br>
enabled. I also see memberOf defined in 20subscriber.ldif and did not<br>
see anything in the documentation about needing to extend the schema.</blockquote><div>No, you don't need to extend the schema but you need to make sure that your entries include the objectClass "inetuser": <br>
<br>objectClasses: ( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary class which must be present in an entry for delivery of subscriber services' SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHTTPURL $ userPassword $ memberOf ) X-ORIGIN 'Netscape subscriber interoperability' )<br>
<br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
So, at this point, I am still at a loss for what I did wrong. What do I<br>
check next? Thanks - John</blockquote><div>Try to add the "objectClass: inetuser" to the entries concerned and take a closer look to the "errors" log file.<br><br>@+<br><br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<div><div></div><div class="h5"><br>
On Thu, 2009-05-21 at 12:59 +0200, Andrey Ivanov wrote:<br>
> Hi,<br>
><br>
> there are two things to be verified and/or taken into account:<br>
> * the pair of the attributes that is maintained (the arguments<br>
> "memberofgroupattr" and "memberofattr" of the plug-in)<br>
> * presence of these two attributes in the classes of your users and<br>
> groups<br>
><br>
> To find fixup-memberof.pl try "locate fixup-memberof.pl".<br>
><br>
> To launch it manually you need to add something like that to the<br>
> server (with ldapmodify) :<br>
> dn: cn=memberOf_fixup_2009_5_21_12_39_21, cn=memberOf task, cn=tasks,<br>
> cn=config<br>
> changetype: add<br>
> objectclass: top<br>
> objectclass: extensibleObject<br>
> cn: memberOf_fixup_2009_5_21_12_39_21<br>
> basedn: dc=example,dc=com<br>
> filter: (objectClass=inetOrgPerson)<br>
><br>
><br>
> As for your account, you may remove/add yourself from a group to see<br>
> if it changes the memberof attribute. Verify the objectClass of your<br>
> entry and make sure the attribute memberOf is an optional attribute of<br>
> at least one of these objectClasses...<br>
><br>
><br>
><br>
> 2009/5/21 John A. Sullivan III <<a href="mailto:jsullivan@opensourcedevel.com">jsullivan@opensourcedevel.com</a>><br>
> Hello, all. We are in the process of upgrading from 8.0 to<br>
> 8.1. We've<br>
> hit a few glitches along the way but most has gone well.<br>
> However, we<br>
> wanted to implement the new memberOf functionality. We<br>
> successfully<br>
> added the plugin by editing dse.ldif and enabled it from the<br>
> console.<br>
> However, we've been unsuccessful in having existing group<br>
> membership<br>
> assigned to the memberOf attribute.<br>
><br>
> We first tried to run fixup-memberOf.pl but the script does<br>
> not exist.<br>
> There is a <a href="http://template.fixup-memberOf.pl" target="_blank">template.fixup-memberOf.pl</a> but this does not seem<br>
> to have<br>
> been built into a final script.<br>
><br>
> We then thought we would use the new task feature of the<br>
> console. We<br>
> went to cn=memberof task,cn=tasks,cn=config and tried to<br>
> create the task<br>
> object. There was no nsDirectoryServerTask objectclass. We<br>
> added an<br>
> nstask but then found there was no basedn attribute we could<br>
> add. We<br>
> then created an extensibleobject instead but still not basedn<br>
> attribute.<br>
><br>
> Finally, we resorted to ldapmodify (we hesitated just because<br>
> we are not<br>
> very familiar with the command line tools). First, we did:<br>
><br>
> dn: cn=fixMemberOf,cn=memberof task,cn=tasks,cn=config<br>
> changetype: add<br>
> objectclass: top<br>
> objectclass: extensibleObject<br>
> cn: fixMemberOf<br>
> basedn: o=Internal,dc=ssiservices,dc=biz<br>
><br>
> The Internal Organization has several organizations under it<br>
> (for<br>
> various clients) and then user organizational units under<br>
> those<br>
> organizations. Although it generated no errors, it did not<br>
> seem to<br>
> work. Perhaps I just don't know how to test it. However, the<br>
> following<br>
> did not return an memberOf data:<br>
><br>
> /usr/lib64/mozldap/ldapsearch -b<br>
> "ou=Users,o=client1,o=Internal,dc=ssiservices,dc=biz" -D<br>
> "cn=Directory<br>
> Manager" -w - -h ldap uid=myid memberOf<br>
><br>
> Doing /usr/lib64/mozldap/ldapsearch -b<br>
> "ou=Users,o=client1,o=Internal,dc=ssiservices,dc=biz" -D<br>
> "cn=Directory<br>
> Manager" -w - -h ldap uid=myid<br>
> showed me plenty of attributes but nothing for memberOf<br>
><br>
> I also tried creating the task with a basedn of<br>
> ou=Users,o=client1,o=Internal,dc=ssiservices,dc=biz in case it<br>
> did not<br>
> change objects lower in the tree. Still no success.<br>
><br>
> Finally I tried:<br>
><br>
> dn: cn=fixMemberOf,cn=memberof task,cn=tasks,cn=config<br>
> changetype: add<br>
> objectclass: top<br>
> objectclass: nsDirectoryServerTask<br>
> cn: fixMemberOf<br>
> basedn: o=Internal,dc=ssiservices,dc=biz<br>
><br>
> adding new entry cn=fixMemberOf,cn=memberof<br>
> task,cn=tasks,cn=config<br>
> ldap_add: Object class violation<br>
> ldap_add: additional info: unknown object class<br>
> "nsDirectoryServerTask"<br>
><br>
> And received the expected unknown object class error.<br>
><br>
> What are we doing wrong? Are these documentation bugs? Are<br>
> there<br>
> application bugs or do we simply not know what we are doing<br>
> with tasks<br>
> and memberOf? How do we get the memberOf information into our<br>
> existing<br>
> user objects? Thanks - John<br>
><br>
><br>
> --<br>
> John A. Sullivan III<br>
> Open Source Development Corporation<br>
> +1 207-985-7880<br>
> <a href="mailto:jsullivan@opensourcedevel.com">jsullivan@opensourcedevel.com</a><br>
><br>
> <a href="http://www.spiritualoutreach.com" target="_blank">http://www.spiritualoutreach.com</a><br>
> Making Christianity intelligible to secular society<br>
><br>
> --<br>
> Fedora-directory-users mailing list<br>
> <a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>
> <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>
><br>
> --<br>
> Fedora-directory-users mailing list<br>
> <a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>
> <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>
</div></div>--<br>
<div><div></div><div class="h5">John A. Sullivan III<br>
Open Source Development Corporation<br>
+1 207-985-7880<br>
<a href="mailto:jsullivan@opensourcedevel.com">jsullivan@opensourcedevel.com</a><br>
<br>
<a href="http://www.spiritualoutreach.com" target="_blank">http://www.spiritualoutreach.com</a><br>
Making Christianity intelligible to secular society<br>
<br>
--<br>
Fedora-directory-users mailing list<br>
<a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>
</div></div></blockquote></div><br>