On 09/08/2015 03:31 PM, Craig Setera wrote:
I did restart the server.  The following is an example of a user entry:

dn: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com
objectClass: accountPolicy
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: nuxeoUser
objectClass: organizationalPerson
objectClass: person
objectClass: pwmUser
objectClass: top
cn: Craig Setera
sn: Setera
givenName: Craig
mail: craig@demo.com
uid: craig@demo.com

Here is an example of a group:

dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: administrators
uniqueMember: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com

The problem that I'm seeing is that having looked at the plugin's source code, I would have expected to at least see this message in the log even if things were misconfigured:

slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
        "--> memberof_postop_init\n" );

You'll only see this message if you use "trace function calls" logging:

nsslapd-errorlog-loglevel: 1

Note - this will slow the server down considerably (I would not set this log level in production).

If you still are not seeing this log message then something weird is going on.

Can I see what your memberOf plugin entry looks like?

Thanks,
Mark


It is almost like the plugin is not being loaded.  However, the configuration seems like it should be fine...

Thanks again,
Craig

On Tue, Sep 8, 2015 at 2:12 PM, Mark Reynolds <mareynol@redhat.com> wrote:


On 09/08/2015 03:06 PM, Craig Setera wrote:
Mark,

Thanks for getting back to me.  Hopefully the following will help.

[root@62ca40b09276 /]# rpm -qa 389-ds-base
389-ds-base-1.2.11.15-60.el6.x86_64

In case it matters, I'm running CentOS 6.6 inside of Docker:

[root@62ca40b09276 /]# uname -a
Linux 62ca40b09276 4.0.9-boot2docker #1 SMP Thu Aug 13 03:05:44 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

I'm using the following LDIF entries to enable the plugin:

dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
replace: memberofgroupattr
memberofgroupattr: uniqueMember
-
replace: memberofattr
memberofattr: memberOf

Hi Craig,

Did you restart the server after making the above config changes?  You need to.

Do you have an objectclass present in the member entry that allows the "memberOf" attribute?  Like "inetUser".

Are you adding a "uniqueMember" attribute to a group (and not the "member" attribute)?

Mark



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
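
The checks raised in the thread (plugin enabled, an objectClass on the member entry that allows memberOf, and group members listed in the attribute named by memberofgroupattr) can be run offline against an LDIF export. This is an added example, not code from the thread or from 389 Directory Server; `parse_ldif`, `check_memberof` and the `allowing_classes` default (only inetUser, the class named in the thread) are assumptions, and the sample LDIF is constructed from the entries posted above.

```python
# Constructed sample: thread's entries (abbreviated), plugin entry as it reads after the modify.
SAMPLE = """\
dn: cn=MemberOf Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: on
memberofgroupattr: uniqueMember
memberofattr: memberOf

dn: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com
objectClass: inetOrgPerson
objectClass: inetUser

dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com
"""

PLUGIN_DN = "cn=memberof plugin,cn=plugins,cn=config"  # compared in lower case

def parse_ldif(text):
    """Parse plain LDIF (no base64 values) into {lowercased dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuation lines
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def check_memberof(entries, allowing_classes=("inetuser",)):
    """Return reasons memberOf would not be written; an empty list means none found."""
    plugin = entries.get(PLUGIN_DN)
    if plugin is None:
        return ["MemberOf Plugin entry not found"]
    problems = []
    if plugin.get("nsslapd-pluginenabled", [""])[0].lower() != "on":
        problems.append("nsslapd-pluginEnabled is not 'on'")
    group_attr = plugin.get("memberofgroupattr", [""])[0].lower()
    for dn, entry in entries.items():
        if "member" not in entry and "uniquemember" not in entry:
            continue  # not a group entry
        if group_attr not in entry:
            problems.append(f"{dn}: members are not listed in '{group_attr}'")
        for member in entry.get(group_attr, []):
            classes = {oc.lower() for oc in entries.get(member.lower(), {}).get("objectclass", [])}
            if not classes & set(allowing_classes):
                problems.append(f"{member}: no objectClass that allows memberOf")
    return problems
```

DN matching here is a plain lower-case string comparison, so DNs that differ only in spacing after commas are treated as different entries.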