On 10/22/2013 10:52 AM, Jonathan Vaughn wrote:
Existing entries are not added automatically when enabling the
you have to either run the fixup-memberof.pl
script (if it works for you - it never did
anything for us),
This is the documented way to do it.
184.108.40.206. Synchronizing memberOf Values
The MemberOf Plug-in automatically manages the memberOf attribute on
group member entries, based on the configuration in the group entry
itself. However, the memberOf attribute can be edited on a user entry
directly (which is improper) or new entries can be imported or
replicated over to the server that have a memberOf attribute already
set. These situations create inconsistencies between the memberOf
configuration managed by the server plug-in and the actual memberships
defined for an entry.
Directory Server has a memberOf repair task which manually runs the
plug-in to make sure the appropriate memberOf attributes are set on
entries. There are three ways to trigger this task:
In the Directory Server Console
Using the fixup-memberof.pl script
Running a cn=memberof task,cn=tasks,cn=config tasks entry
220.127.116.11.1. Initializing and Regenerating memberOf Attributes Using
The fixup-memberof.pl script launches a special task to regenerate all
of the memberOf attributes on user entries based on the defined member
attributes in the group entries. This is a clean-up task which
synchronizes the membership defined in group entries and the
corresponding user entries and overwrites any accidental or improper
edits on the user entries.
Open the tool directory for the Directory Server instance,
Run the script, binding as the Directory Manager.
./fixup-memberof.pl -D "cn=Directory Manager" -w password
The fixup-memberof.pl command is described in more detail in the
Configuration and Command-Line Tool Reference.
If it is not working for you, then please describe the steps you took.
or you have to make a change to each pre-existing user to trigger the
memberOf updating. The easiest way to do that is to simply create a
group and add everyone to it, then remove it (unless of course you
actually have a use for said group). If you already have a group with
everyone in it, you can probably create a new group, and add that
group as a member of the new group.
On Tue, Oct 22, 2013 at 12:33 AM, Lars Remes <Lars.Remes(a)symbio.com
I'm not sure if existing entries are added automatically when you
enable the plugin.
I would assume so, but in any case at any time you can run the
fix-up task that will sync the attributes.
You can define the scope for the task using a filter, for example,
fix only ou=orgunit,ou=People,... branch of the DIT.
Lars Remes / Service Quality
> -----Original Message-----
> From: 389-users-bounces(a)lists.fedoraproject.org
<mailto:firstname.lastname@example.org>] On Behalf Of Vesa Alho
> Sent: 21. lokakuuta 2013 15:50
> To: 389-users(a)lists.fedoraproject.org
> Subject: Re: [389-users] MemberOf Plugin - experiences?
> On 10/21/2013 01:37 PM, Lars Remes wrote:
> > We are using the memberOf plugin in a global,
> setup, and so far we have not encountered any major issues.
> > You can easily change the membership attribute, for example, to
> > MMR is handled by not replicating the memberOf attribute between
> masters, but the attribute IS copied to slaves. Each master runs
> of the plugin.
> > Sometimes you may need to manual launch the fix-up task, but
> been quite rare.
> > If necessary, you can schedule it to run periodically.
> How does it work for already existing entries if I enable the
> I need add them "manually" or does the plugin add them
> Naturally I will test this well before changing production, but just
> interested what it takes to start using it.
> Thanks for replying!
> 389 users mailing list
389 users mailing list
389 users mailing list