Noriko,
Changing that config, if I remove and add again the user in a group
worked....but the fixup-memberof.pl <
http://fixup-memberof.pl> didn't.
I'm not sure why. The fix=memberof.pl is supposed to do the following task.
* 1. Remove all present memberOf values
* 2. Add direct group membership memberOf values
* 3. Add indirect group membership memberOf values
The default filter the utility uses is
"(|(objectclass=inetuser)(objectclass=inetadmin))".
If you run ldapsearch -x -D "cn=Directory Manager" -w - -b
"OU=my,dc=mydc,dc=local"
"(|(objectclass=inetuser)(objectclass=inetadmin))", what does the
command line return?
Is there any easy way to update this info on all users?
Another question:
Should I always change this parameter?
As long as your group entry is
groupofuniquenames, yes, you need to.
I'm asking that because I'm planning to update my 389 to a
newer
version (due to a db2bak.pl <
http://db2bak.pl> problem that was fixed
in this newer version)
Alberto Viana
On Thu, Jul 10, 2014 at 5:16 PM, Noriko Hosoi <nhosoi(a)redhat.com
<mailto:nhosoi@redhat.com>> wrote:
Alberto,
Alberto Viana wrote:
> Noriko,
>
> dn: uid=alberto.viana,ou=IT,dc=mydc,dc=local
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: inetOrgPerson
> objectClass: ntUser
> objectClass: eduPerson
> objectClass: brPerson
> objectClass: schacPersonalCharacteristics
> objectClass: pwmUser
> objectClass: inetuser
> ntUserLastLogoff: 0
> ntUserDeleteAccount: true
> uid: alberto.viana
> sn: Viana
> givenName: Alberto
> cn: Alberto Viana
>
>
> dn: cn=GRP_SRV_WIKI_CONFLUENCE,OU=GROUPS,dc=mydc,dc=local
> *uniqueMember: uid=alberto.viana,ou=IT,dc=mydc,dc=local*
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: ntGroup
> ntGroupDeleteGroup: true
> cn: GRP_SRV_WIKI_CONFLUENCE
> ntUserDomainId: GRP_SRV_WIKI_CONFLUENCE
Could you try again after replacing the memberofgroupattr value
member with uniqueMember?
> Here's my plugin config:
> # MemberOf Plugin, plugins, config
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
> cn: MemberOf Plugin
> nsslapd-pluginPath: libmemberof-plugin
> nsslapd-pluginInitfunc: memberof_postop_init
> nsslapd-pluginType: betxnpostoperation
> nsslapd-pluginEnabled: on
> nsslapd-plugin-depends-on-type: database
> memberofgroupattr: *member*
> memberofattr: memberOf
> nsslapd-pluginId: memberof
> nsslapd-pluginVersion: 1.3.2.13
> nsslapd-pluginVendor: 389 Project
> nsslapd-pluginDescription: memberof plugin
>
>
> If you need something else, just let me know.
>
>
>
> On Thu, Jul 10, 2014 at 4:54 PM, Noriko Hosoi <nhosoi(a)redhat.com
> <mailto:nhosoi@redhat.com>> wrote:
>
> Alberto,
>
> Alberto Viana wrote:
>> Noriko,
>>
>> Just to let you know that was a totally fresh instalation
>> and I imported my userRoot database, so I dont think so.
> It was a question from Mark :), but thanks for your
> response. So, you don't get any particular errors or
> warnings in your error log... Would you mind sharing a
> typical user and a group entry? Of course you could cleanse
> the "name" part.
>
>>
>> Here's my plugin config:
>> # MemberOf Plugin, plugins, config
>> dn: cn=MemberOf Plugin,cn=plugins,cn=config
>> objectClass: top
>> objectClass: nsSlapdPlugin
>> objectClass: extensibleObject
>> cn: MemberOf Plugin
>> nsslapd-pluginPath: libmemberof-plugin
>> nsslapd-pluginInitfunc: memberof_postop_init
>> nsslapd-pluginType: betxnpostoperation
>> nsslapd-pluginEnabled: on
>> nsslapd-plugin-depends-on-type: database
>> memberofgroupattr: member
>> memberofattr: memberOf
>> nsslapd-pluginId: memberof
>> nsslapd-pluginVersion: 1.3.2.13
>> nsslapd-pluginVendor: 389 Project
>> nsslapd-pluginDescription: memberof plugin
>>
>>
>> I have 2 389DS with this version (replication enabled), the
>> same behavior in both.
>>
>> Thanks
>>
>>
>>
>> On Thu, Jul 10, 2014 at 4:29 PM, Mark Reynolds
>> <mareynol(a)redhat.com <mailto:mareynol@redhat.com>> wrote:
>>
>>
>> On 07/10/2014 02:35 PM, Alberto Viana wrote:
>>> Noriko,
>>>
>>> =====================
>>> # fixup-memberof.pl <
http://fixup-memberof.pl> -D
>>> "cn=Directory Manager" -w - -b
"OU=my,dc=mydc,dc=local"
>>> Bind Password:
>>> Successfully added task entry
>>> "cn=memberOf_fixup_2014_7_10_15_25_29, cn=memberOf
>>> task, cn=tasks, cn=config"
>>> =====================
>>>
>>> It Removed all memberof entries for my user...is the
>>> expected behavior?
>>>
>>> Even if remove the user from a group and add it again,
>>> its not working.
>>>
>>> Thanks
>> Can you verify your memberOf settings are still
>> correct(memberofgroupattr, etc)? Maybe something got
>> overwritten during the upgrade?
>>
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Jul 10, 2014 at 3:20 PM, Noriko Hosoi
>>> <nhosoi(a)redhat.com <mailto:nhosoi@redhat.com>>
wrote:
>>>
>>> What happens if you run this utility?
>>> /usr/lib[64]/dirsrv/slapd-YOURID/fixup-memberof.pl
>>> <
http://fixup-memberof.pl>
>>>
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9....
>>>
>>> Then, continue updating your user in a group?
>>> Thanks,
>>> --noriko
>>>
>>> Alberto Viana wrote:
>>>> Hi,
>>>>
>>>> 389-Directory/1.3.2.13 <
http://1.3.2.13>
>>>> B2014.141.1513
>>>>
>>>> I recently updated my server to 1.3.2.13 and the
>>>> "memberof" plugin is not working as expected,
it's
>>>> not updating my user "memberOf" attribute whe
I
>>>> put a user in a group.
>>>>
>>>> How can I debug it?
>>>>
>>>> I tried to set my nsslapd-errorlog-level to 65536
>>>> but could not find any useful information.
>>>>
>>>>
>>>> Thanks
>>>>
>>>> Alberto Viana
>>>>
>>>>
>>>> --
>>>> 389 users mailing list
>>>> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>> --
>>> 389 users mailing list
>>> 389-users(a)lists.fedoraproject.org
>>> <mailto:389-users@lists.fedoraproject.org>
>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>>
>>>
>>> --
>>> 389 users mailing list
>>> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
>> <mailto:389-users@lists.fedoraproject.org>
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users