On 10/22/2013 10:52 AM, Jonathan Vaughn
Existing entries are not added automatically when
enabling the plugin, you have to either run the fixup-memberof.pl
script (if it works for you - it never did anything for us),
This is the documented way to do it.
18.104.22.168. Synchronizing memberOf Values
The MemberOf Plug-in automatically manages the memberOf attribute on
group member entries, based on the configuration in the group entry
itself. However, the memberOf attribute can be edited on a user
entry directly (which is improper) or new entries can be imported or
replicated over to the server that have a memberOf attribute already
set. These situations create inconsistencies between the memberOf
configuration managed by the server plug-in and the actual
memberships defined for an entry.
Directory Server has a memberOf repair task which manually runs the
plug-in to make sure the appropriate memberOf attributes are set on
entries. There are three ways to trigger this task:
In the Directory Server Console
Using the fixup-memberof.pl script
Running a cn=memberof task,cn=tasks,cn=config tasks entry
22.214.171.124.1. Initializing and Regenerating memberOf Attributes Using
The fixup-memberof.pl script launches a special task to regenerate
all of the memberOf attributes on user entries based on the defined
member attributes in the group entries. This is a clean-up task
which synchronizes the membership defined in group entries and the
corresponding user entries and overwrites any accidental or improper
edits on the user entries.
Open the tool directory for the Directory Server instance,
Run the script, binding as the Directory Manager.
./fixup-memberof.pl -D "cn=Directory Manager" -w password
The fixup-memberof.pl command is described in more detail in the
Configuration and Command-Line Tool Reference.
If it is not working for you, then please describe the steps you
or you have to make a change to each pre-existing
user to trigger the memberOf updating. The easiest way to do
that is to simply create a group and add everyone to it, then
remove it (unless of course you actually have a use for said
group). If you already have a group with everyone in it, you can
probably create a new group, and add that group as a member of
the new group.
389 users mailing list