On 09/08/2015 03:31 PM, Craig Setera wrote:
I did restart the server. The following is an example of a user
entry:
dn: uid=craig(a)demo.com
<mailto:craig@demo.com>,ou=demo,ou=People,dc=demo,dc=com
objectClass: accountPolicy
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: nuxeoUser
objectClass: organizationalPerson
objectClass: person
objectClass: pwmUser
objectClass: top
cn: Craig Setera
sn: Setera
givenName: Craig
mail: craig(a)demo.com <mailto:craig@demo.com>
uid: craig(a)demo.com <mailto:craig@demo.com>
Here is an example of a group:
dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: administrators
uniqueMember: uid=craig(a)demo.com
<mailto:craig@demo.com>,ou=demo,ou=People,dc=demo,dc=com
The problem that I'm seeing is that having looked at the plugin's
source code, I would have expected to at least see this message in the
log even if things were misconfigured:
slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
"--> memberof_postop_init\n" );
You'll only see this
message is you use "trace function calls" logging:
nsslapd-errorlog-loglevel: 1
Note - this will slow the server down considerably (I would not set this
log level in production)
If you still are not seeing this log message then something weird is
going on.
Can I see what your memberOf plugin entry looks like?
Thanks,
Mark
It is almost like the plugin is not being loaded. However, the
configuration seems like it should be fine...
Thanks again,
Craig
On Tue, Sep 8, 2015 at 2:12 PM, Mark Reynolds <mareynol(a)redhat.com
<mailto:mareynol@redhat.com>> wrote:
On 09/08/2015 03:06 PM, Craig Setera wrote:
> Mark,
>
> Thanks for getting back to me. Hopefully the following will help.
>
> [root@62ca40b09276 /]# rpm -qa 389-ds-base
> 389-ds-base-1.2.11.15-60.el6.x86_64
>
> In case it matters, I'm running CentOS 6.6 inside of Docker:
>
> [root@62ca40b09276 /]# uname -a
> Linux 62ca40b09276 4.0.9-boot2docker #1 SMP Thu Aug 13 03:05:44
> UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>
> I'm using the following LDIF entries to enable the plugin:
>
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> -
> replace: memberofgroupattr
> memberofgroupattr: uniqueMember
> -
> replace: memberofattr
> memberofattr: memberOf
>
Hi Craig,
Did you restart the server after making the above config changes?
You need to.
Do you have an objectclass present in the member entry that allows
the "memberOf" attribute? Like "inetUser".
Are you adding a "uniqueMember" attribute to a group(and not the
"member" attribute)?
Mark
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users