Hi,
I have a commercial application which could use MemberOf information from LDAP (ref http://directory.fedoraproject.org/wiki/MemberOf_Plugin). Does many people use this plugin and what are your experiences with it? Currently we are only using "uniquemember" attribute in Group entries.
Some stuff on the Issues list look worrying to me:
"Membership attribute is currently hard-coded to be "member"" "We really should make this work with MMR. "
MemberOf is not crucial to us. So, before I start experimenting, it would be great to know if it's "worth" my time.
-Mr. Vesa Alho
We are using the memberOf plugin in a global, multi-master-multi-slave setup, and so far we have not encountered any major issues.
You can easily change the membership attribute, for example, to memberUid. MMR is handled by not replicating the memberOf attribute between masters, but the attribute IS copied to slaves. Each master runs own instance of the plugin.
Sometimes you may need to manual launch the fix-up task, but that has been quite rare. If necessary, you can schedule it to run periodically. -- Lars Remes / Service Quality
lars.remes@symbio.com www.symbio.com
-----Original Message----- From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- bounces@lists.fedoraproject.org] On Behalf Of Vesa Alho Sent: 21. lokakuuta 2013 13:23 To: General discussion list for the 389 Directory server project. Subject: [389-users] MemberOf Plugin - experiences?
Hi,
I have a commercial application which could use MemberOf information from LDAP (ref http://directory.fedoraproject.org/wiki/MemberOf_Plugin). Does many people use this plugin and what are your experiences with it? Currently we are only using "uniquemember" attribute in Group entries.
Some stuff on the Issues list look worrying to me:
"Membership attribute is currently hard-coded to be "member"" "We really should make this work with MMR. "
MemberOf is not crucial to us. So, before I start experimenting, it would be great to know if it's "worth" my time.
-Mr. Vesa Alho
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Sorry, mentioned the wrong attribute in previous mail.
Meant to say, you can easily change the membership attribute to uniqueMember. (You can't use memberUid as it's value is not a DN)
-- Lars Remes / Service Quality
lars.remes@symbio.com www.symbio.com
-----Original Message----- From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- bounces@lists.fedoraproject.org] On Behalf Of Lars Remes Sent: 21. lokakuuta 2013 13:37 To: General discussion list for the 389 Directory server project. Subject: Re: [389-users] MemberOf Plugin - experiences?
We are using the memberOf plugin in a global, multi-master-multi-slave setup, and so far we have not encountered any major issues.
You can easily change the membership attribute, for example, to memberUid. MMR is handled by not replicating the memberOf attribute between masters, but the attribute IS copied to slaves. Each master runs own instance of the plugin.
Sometimes you may need to manual launch the fix-up task, but that has been quite rare. If necessary, you can schedule it to run periodically. -- Lars Remes / Service Quality
lars.remes@symbio.com www.symbio.com
-----Original Message----- From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- bounces@lists.fedoraproject.org] On Behalf Of Vesa Alho Sent: 21. lokakuuta 2013 13:23 To: General discussion list for the 389 Directory server project. Subject: [389-users] MemberOf Plugin - experiences?
Hi,
I have a commercial application which could use MemberOf information from LDAP (ref
http://directory.fedoraproject.org/wiki/MemberOf_Plugin).
Does many people use this plugin and what are your experiences with it? Currently we are only using "uniquemember" attribute in Group entries.
Some stuff on the Issues list look worrying to me:
"Membership attribute is currently hard-coded to be "member"" "We really should make this work with MMR. "
MemberOf is not crucial to us. So, before I start experimenting, it would be great to know if it's "worth" my time.
-Mr. Vesa Alho
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 10/21/2013 01:37 PM, Lars Remes wrote:
We are using the memberOf plugin in a global, multi-master-multi-slave setup, and so far we have not encountered any major issues.
You can easily change the membership attribute, for example, to memberUid. MMR is handled by not replicating the memberOf attribute between masters, but the attribute IS copied to slaves. Each master runs own instance of the plugin.
Sometimes you may need to manual launch the fix-up task, but that has been quite rare. If necessary, you can schedule it to run periodically.
How does it work for already existing entries if I enable the plugin? Do I need add them "manually" or does the plugin add them automatically?
Naturally I will test this well before changing production, but just interested what it takes to start using it.
Thanks for replying!
-Vesa
On 10/21/2013 06:49 AM, Vesa Alho wrote:
On 10/21/2013 01:37 PM, Lars Remes wrote:
We are using the memberOf plugin in a global, multi-master-multi-slave setup, and so far we have not encountered any major issues.
You can easily change the membership attribute, for example, to memberUid. MMR is handled by not replicating the memberOf attribute between masters, but the attribute IS copied to slaves. Each master runs own instance of the plugin.
Sometimes you may need to manual launch the fix-up task, but that has been quite rare. If necessary, you can schedule it to run periodically.
How does it work for already existing entries if I enable the plugin? Do I need add them "manually" or does the plugin add them automatically?
You need to run the fixup-memberof.pl script.
Naturally I will test this well before changing production, but just interested what it takes to start using it.
Thanks for replying!
-Vesa
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
I'm not sure if existing entries are added automatically when you enable the plugin. I would assume so, but in any case at any time you can run the fix-up task that will sync the attributes. You can define the scope for the task using a filter, for example, fix only ou=orgunit,ou=People,... branch of the DIT.
-- Lars Remes / Service Quality
lars.remes@symbio.com www.symbio.com
-----Original Message----- From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- bounces@lists.fedoraproject.org] On Behalf Of Vesa Alho Sent: 21. lokakuuta 2013 15:50 To: 389-users@lists.fedoraproject.org Subject: Re: [389-users] MemberOf Plugin - experiences?
On 10/21/2013 01:37 PM, Lars Remes wrote:
We are using the memberOf plugin in a global, multi-master-multi-slave
setup, and so far we have not encountered any major issues.
You can easily change the membership attribute, for example, to
memberUid.
MMR is handled by not replicating the memberOf attribute between
masters, but the attribute IS copied to slaves. Each master runs own instance of the plugin.
Sometimes you may need to manual launch the fix-up task, but that has
been quite rare.
If necessary, you can schedule it to run periodically.
How does it work for already existing entries if I enable the plugin? Do I need add them "manually" or does the plugin add them automatically?
Naturally I will test this well before changing production, but just interested what it takes to start using it.
Thanks for replying!
-Vesa
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Existing entries are not added automatically when enabling the plugin, you have to either run the fixup-memberof.pl script (if it works for you - it never did anything for us), or you have to make a change to each pre-existing user to trigger the memberOf updating. The easiest way to do that is to simply create a group and add everyone to it, then remove it (unless of course you actually have a use for said group). If you already have a group with everyone in it, you can probably create a new group, and add that group as a member of the new group.
On Tue, Oct 22, 2013 at 12:33 AM, Lars Remes Lars.Remes@symbio.com wrote:
I'm not sure if existing entries are added automatically when you enable the plugin. I would assume so, but in any case at any time you can run the fix-up task that will sync the attributes. You can define the scope for the task using a filter, for example, fix only ou=orgunit,ou=People,... branch of the DIT.
-- Lars Remes / Service Quality
lars.remes@symbio.com www.symbio.com
-----Original Message----- From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- bounces@lists.fedoraproject.org] On Behalf Of Vesa Alho Sent: 21. lokakuuta 2013 15:50 To: 389-users@lists.fedoraproject.org Subject: Re: [389-users] MemberOf Plugin - experiences?
On 10/21/2013 01:37 PM, Lars Remes wrote:
We are using the memberOf plugin in a global, multi-master-multi-slave
setup, and so far we have not encountered any major issues.
You can easily change the membership attribute, for example, to
memberUid.
MMR is handled by not replicating the memberOf attribute between
masters, but the attribute IS copied to slaves. Each master runs own
instance
of the plugin.
Sometimes you may need to manual launch the fix-up task, but that has
been quite rare.
If necessary, you can schedule it to run periodically.
How does it work for already existing entries if I enable the plugin? Do I need add them "manually" or does the plugin add them automatically?
Naturally I will test this well before changing production, but just interested what it takes to start using it.
Thanks for replying!
-Vesa
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 10/22/2013 10:52 AM, Jonathan Vaughn wrote:
Existing entries are not added automatically when enabling the plugin, you have to either run the fixup-memberof.pl http://fixup-memberof.pl script (if it works for you - it never did anything for us),
This is the documented way to do it.
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/...
6.1.4.5. Synchronizing memberOf Values The MemberOf Plug-in automatically manages the memberOf attribute on group member entries, based on the configuration in the group entry itself. However, the memberOf attribute can be edited on a user entry directly (which is improper) or new entries can be imported or replicated over to the server that have a memberOf attribute already set. These situations create inconsistencies between the memberOf configuration managed by the server plug-in and the actual memberships defined for an entry. Directory Server has a memberOf repair task which manually runs the plug-in to make sure the appropriate memberOf attributes are set on entries. There are three ways to trigger this task:
In the Directory Server Console Using the fixup-memberof.pl script Running a cn=memberof task,cn=tasks,cn=config tasks entry
6.1.4.5.1. Initializing and Regenerating memberOf Attributes Using fixup-memberof.pl The fixup-memberof.pl script launches a special task to regenerate all of the memberOf attributes on user entries based on the defined member attributes in the group entries. This is a clean-up task which synchronizes the membership defined in group entries and the corresponding user entries and overwrites any accidental or improper edits on the user entries.
Open the tool directory for the Directory Server instance, /usr/lib/dirsrv/slapd-instance_name/. Run the script, binding as the Directory Manager.
./fixup-memberof.pl -D "cn=Directory Manager" -w password
The fixup-memberof.pl command is described in more detail in the Configuration and Command-Line Tool Reference.
If it is not working for you, then please describe the steps you took.
or you have to make a change to each pre-existing user to trigger the memberOf updating. The easiest way to do that is to simply create a group and add everyone to it, then remove it (unless of course you actually have a use for said group). If you already have a group with everyone in it, you can probably create a new group, and add that group as a member of the new group.
On Tue, Oct 22, 2013 at 12:33 AM, Lars Remes <Lars.Remes@symbio.com mailto:Lars.Remes@symbio.com> wrote:
I'm not sure if existing entries are added automatically when you enable the plugin. I would assume so, but in any case at any time you can run the fix-up task that will sync the attributes. You can define the scope for the task using a filter, for example, fix only ou=orgunit,ou=People,... branch of the DIT. -- Lars Remes / Service Quality lars.remes@symbio.com <mailto:lars.remes@symbio.com> www.symbio.com <http://www.symbio.com> > -----Original Message----- > From: 389-users-bounces@lists.fedoraproject.org <mailto:389-users-bounces@lists.fedoraproject.org> [mailto:389-users- <mailto:389-users-> > bounces@lists.fedoraproject.org <mailto:bounces@lists.fedoraproject.org>] On Behalf Of Vesa Alho > Sent: 21. lokakuuta 2013 15:50 > To: 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> > Subject: Re: [389-users] MemberOf Plugin - experiences? > > On 10/21/2013 01:37 PM, Lars Remes wrote: > > We are using the memberOf plugin in a global, multi-master-multi-slave > setup, and so far we have not encountered any major issues. > > > > You can easily change the membership attribute, for example, to > memberUid. > > MMR is handled by not replicating the memberOf attribute between > masters, but the attribute IS copied to slaves. Each master runs own instance > of the plugin. > > > > Sometimes you may need to manual launch the fix-up task, but that has > been quite rare. > > If necessary, you can schedule it to run periodically. > > How does it work for already existing entries if I enable the plugin? Do > I need add them "manually" or does the plugin add them automatically? > > Naturally I will test this well before changing production, but just > interested what it takes to start using it. > > Thanks for replying! > > -Vesa > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hello,
Translate text or webpage
Could anyone help me??
I configured in the pacemaker ClusterMON but get no email. Already tested the email from the command line and all is right.
I am sending configuration I did. What's wrong??
I will deploy the environment this weekend and would like to deploy ClusterMon.
Anyone have any tips ??? Type text or a website address or translate a document. Cancel Did you mean: Alguém poderia me ajudar??? Eu configurei no pacemaker o Cluster Denise
crm configure
primitive resMON ocf:pacemaker:ClusterMon \ op monitor interval="180" timeout="20" \ params extra_options="--mail-to guanaes51@yahoo.com.br --mail-host smtp.xxxxx.xx"
clone ClusterMon-clone resMON
daemon
root 15811 1 0 16:34 ? 00:00:00 /usr/sbin/crm_mon -p /tmp/ClusterMon_resMON.pid -d -i 15 --mail-to guanaes51@yahoo.com.br --mail-host smtp.xxxx.xx -h /tmp/ClusterMon_resMON.html
That was exactly the way we ran it, per that documentation, but it didn't appear to do anything. So, I figured out that just adding/removing users from groups would trigger it to update ALL groups for that user, so I just bulk added everyone to a group and problem solved.
On Tue, Oct 22, 2013 at 12:01 PM, Rich Megginson rmeggins@redhat.comwrote:
On 10/22/2013 10:52 AM, Jonathan Vaughn wrote:
Existing entries are not added automatically when enabling the plugin, you have to either run the fixup-memberof.pl script (if it works for you - it never did anything for us),
This is the documented way to do it.
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/...
6.1.4.5. Synchronizing memberOf Values The MemberOf Plug-in automatically manages the memberOf attribute on group member entries, based on the configuration in the group entry itself. However, the memberOf attribute can be edited on a user entry directly (which is improper) or new entries can be imported or replicated over to the server that have a memberOf attribute already set. These situations create inconsistencies between the memberOf configuration managed by the server plug-in and the actual memberships defined for an entry. Directory Server has a memberOf repair task which manually runs the plug-in to make sure the appropriate memberOf attributes are set on entries. There are three ways to trigger this task:
In the Directory Server Console Using the fixup-memberof.pl script Running a cn=memberof task,cn=tasks,cn=config tasks entry6.1.4.5.1. Initializing and Regenerating memberOf Attributes Using fixup-memberof.pl The fixup-memberof.pl script launches a special task to regenerate all of the memberOf attributes on user entries based on the defined member attributes in the group entries. This is a clean-up task which synchronizes the membership defined in group entries and the corresponding user entries and overwrites any accidental or improper edits on the user entries.
Open the tool directory for the Directory Server instance,/usr/lib/dirsrv/slapd-instance_name/. Run the script, binding as the Directory Manager.
./fixup-memberof.pl -D "cn=Directory Manager" -w passwordThe fixup-memberof.pl command is described in more detail in the Configuration and Command-Line Tool Reference.
If it is not working for you, then please describe the steps you took.
or you have to make a change to each pre-existing user to trigger the memberOf updating. The easiest way to do that is to simply create a group and add everyone to it, then remove it (unless of course you actually have a use for said group). If you already have a group with everyone in it, you can probably create a new group, and add that group as a member of the new group.
On Tue, Oct 22, 2013 at 12:33 AM, Lars Remes Lars.Remes@symbio.comwrote:
I'm not sure if existing entries are added automatically when you enable the plugin. I would assume so, but in any case at any time you can run the fix-up task that will sync the attributes. You can define the scope for the task using a filter, for example, fix only ou=orgunit,ou=People,... branch of the DIT.
-- Lars Remes / Service Quality
lars.remes@symbio.com www.symbio.com
-----Original Message----- From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- bounces@lists.fedoraproject.org] On Behalf Of Vesa Alho Sent: 21. lokakuuta 2013 15:50 To: 389-users@lists.fedoraproject.org Subject: Re: [389-users] MemberOf Plugin - experiences?
On 10/21/2013 01:37 PM, Lars Remes wrote:
We are using the memberOf plugin in a global, multi-master-multi-slave
setup, and so far we have not encountered any major issues.
You can easily change the membership attribute, for example, to
memberUid.
MMR is handled by not replicating the memberOf attribute between
masters, but the attribute IS copied to slaves. Each master runs own
instance
of the plugin.
Sometimes you may need to manual launch the fix-up task, but that has
been quite rare.
If necessary, you can schedule it to run periodically.
How does it work for already existing entries if I enable the plugin? Do I need add them "manually" or does the plugin add them automatically?
Naturally I will test this well before changing production, but just interested what it takes to start using it.
Thanks for replying!
-Vesa
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
On 10/22/2013 11:44 AM, Jonathan Vaughn wrote:
That was exactly the way we ran it, per that documentation, but it didn't appear to do anything.
You can check the /var/log/dirsrv/slapd-INST/errors log file to see if it ran and if there were any errors.
So, I figured out that just adding/removing users from groups would trigger it to update ALL groups for that user,
Yes, it does.
so I just bulk added everyone to a group and problem solved.
On Tue, Oct 22, 2013 at 12:01 PM, Rich Megginson <rmeggins@redhat.com mailto:rmeggins@redhat.com> wrote:
On 10/22/2013 10:52 AM, Jonathan Vaughn wrote:Existing entries are not added automatically when enabling the plugin, you have to either run the fixup-memberof.pl <http://fixup-memberof.pl> script (if it works for you - it never did anything for us),This is the documented way to do it. https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof 6.1.4.5. Synchronizing memberOf Values The MemberOf Plug-in automatically manages the memberOf attribute on group member entries, based on the configuration in the group entry itself. However, the memberOf attribute can be edited on a user entry directly (which is improper) or new entries can be imported or replicated over to the server that have a memberOf attribute already set. These situations create inconsistencies between the memberOf configuration managed by the server plug-in and the actual memberships defined for an entry. Directory Server has a memberOf repair task which manually runs the plug-in to make sure the appropriate memberOf attributes are set on entries. There are three ways to trigger this task: In the Directory Server Console Using the fixup-memberof.pl <http://fixup-memberof.pl> script Running a cn=memberof task,cn=tasks,cn=config tasks entry 6.1.4.5.1. Initializing and Regenerating memberOf Attributes Using fixup-memberof.pl <http://fixup-memberof.pl> The fixup-memberof.pl <http://fixup-memberof.pl> script launches a special task to regenerate all of the memberOf attributes on user entries based on the defined member attributes in the group entries. This is a clean-up task which synchronizes the membership defined in group entries and the corresponding user entries and overwrites any accidental or improper edits on the user entries. Open the tool directory for the Directory Server instance, /usr/lib/dirsrv/slapd-instance_name/. Run the script, binding as the Directory Manager. ./fixup-memberof.pl <http://fixup-memberof.pl> -D "cn=Directory Manager" -w password The fixup-memberof.pl <http://fixup-memberof.pl> command is described in more detail in the Configuration and Command-Line Tool Reference. If it is not working for you, then please describe the steps you took.or you have to make a change to each pre-existing user to trigger the memberOf updating. The easiest way to do that is to simply create a group and add everyone to it, then remove it (unless of course you actually have a use for said group). If you already have a group with everyone in it, you can probably create a new group, and add that group as a member of the new group. On Tue, Oct 22, 2013 at 12:33 AM, Lars Remes <Lars.Remes@symbio.com <mailto:Lars.Remes@symbio.com>> wrote: I'm not sure if existing entries are added automatically when you enable the plugin. I would assume so, but in any case at any time you can run the fix-up task that will sync the attributes. You can define the scope for the task using a filter, for example, fix only ou=orgunit,ou=People,... branch of the DIT. -- Lars Remes / Service Quality lars.remes@symbio.com <mailto:lars.remes@symbio.com> www.symbio.com <http://www.symbio.com> > -----Original Message----- > From: 389-users-bounces@lists.fedoraproject.org <mailto:389-users-bounces@lists.fedoraproject.org> [mailto:389-users- <mailto:389-users-> > bounces@lists.fedoraproject.org <mailto:bounces@lists.fedoraproject.org>] On Behalf Of Vesa Alho > Sent: 21. lokakuuta 2013 15:50 > To: 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> > Subject: Re: [389-users] MemberOf Plugin - experiences? > > On 10/21/2013 01:37 PM, Lars Remes wrote: > > We are using the memberOf plugin in a global, multi-master-multi-slave > setup, and so far we have not encountered any major issues. > > > > You can easily change the membership attribute, for example, to > memberUid. > > MMR is handled by not replicating the memberOf attribute between > masters, but the attribute IS copied to slaves. Each master runs own instance > of the plugin. > > > > Sometimes you may need to manual launch the fix-up task, but that has > been quite rare. > > If necessary, you can schedule it to run periodically. > > How does it work for already existing entries if I enable the plugin? Do > I need add them "manually" or does the plugin add them automatically? > > Naturally I will test this well before changing production, but just > interested what it takes to start using it. > > Thanks for replying! > > -Vesa > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
On 10/22/2013 10:52 AM, Jonathan Vaughn wrote:Existing entries are not added automatically when enabling the plugin, you have to either run the fixup-memberof.pl <http://fixup-memberof.pl> script (if it works for you - it never did anything for us),
Thanks for all the input! I will start experimenting in our test environment.
Mr. Vesa Alho
389-users@lists.fedoraproject.org
-
Denise Cosso -
Jonathan Vaughn -
Lars Remes -
Rich Megginson -
Vesa Alho