[389-users] memberof entries not appearing in replica with memberof plugin
Nathan Kinder
nkinder at redhat.com
Wed Nov 11 16:04:39 UTC 2009
On 11/10/2009 08:35 PM, John A. Sullivan III wrote:
> Hello, all. I'm running CentOS Directory Server 8.1 on CentOS 5.4. For
> some reason, the memberof plugin does not seem to be working on the
> replica. My first suspicion is we have done something wrong but I
> wonder if there is an error in the documentation. Here are the details.
>
> We are a single master setup with a single replica. We noticed some of
> our LDAP queries were not correctly detecting group membership. We
> double checked the memberofplugin configuration and, for some reason, it
> seems to have reverted to looking at member instead of uniquemember. We
> changed this on the master and our problem went away.
>
> However, in the process of double-checking our steps, we read that the
> memberof attribute should NOT be replicated. We had not excluded it.
> So, we destroyed the replication agreement, created a new fractional
> replication enabled one, and reinitialized the replica. All of the
> memberof information was missing from all users on the replica. We then
> tried to rebuild it by running the fixup-memberof.pl script. That
> didn't work. We then simply tried deleting users from groups and adding
> them to see if that would work. It worked fine on the master but not on
> the replica.
>
> Is the documentation in error and replication of memberof should be
> excluded only in multimaster but should be propagated to consumers or
> have we done something wrong? I compared the memberofplugin definitions
> in dse.ldif on both and they look identical including being enabled.
> Nothing is jumping out in the error or audit logs.
>
The only reason for using fractional replication to exclude the memberOf
attribute is to avoid any sort of dangling membership issue when using
multi-master replication. In your single-master replication setup, you
only need to configure the memberOf plug-in on your master, not the
replica. You can then safely replicate the memberOf attribute since a
single-master replication scenario has no chance for conflicting changes
from separate masters.
Please open a documentation bug on this so we can get things cleared up
in the manuals.
> We eventually added memberof to the replication agreement and
> resynchronized just to get the data across. We've pulled it back out
> and, as expected, any changes are not replicating. What are we doing
> wrong? Where do we look next to troubleshoot it? Thanks - John
>
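
The following is an added example, not part of the original thread or of the 389 Directory Server project: a small offline check that reads a dse.ldif and flags the two conditions discussed above, a memberOf plug-in watching the wrong group attribute and a replication agreement whose fractional list excludes memberOf in a single-master setup. The sample entries are constructed, the function names are hypothetical, and it assumes the plug-in and agreement settings live in `memberofgroupattr`, `nsslapd-pluginEnabled` and `nsDS5ReplicatedAttributeList` with plain (not base64) values.

```python
import re

# Constructed sample of a master's dse.ldif (illustrative, not from the thread).
SAMPLE_DSE = '''\
dn: cn=MemberOf Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: on
memberofgroupattr: member

dn: cn=to-replica,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberOf
'''

def parse_ldif(text):
    """Parse LDIF into dicts of lower-cased attribute -> list of values."""
    entries = []
    unfolded = re.sub(r"\n ", "", text).strip()  # join folded continuation lines
    for block in re.split(r"\n\s*\n", unfolded):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_memberof(dse_text, multi_master, group_attr="uniquemember"):
    """Return warnings about memberOf plug-in and fractional replication settings."""
    warnings = []
    for entry in parse_ldif(dse_text):
        dn = entry.get("dn", [""])[0]
        if dn.lower().startswith("cn=memberof plugin,"):
            if entry.get("nsslapd-pluginenabled", ["off"])[0].lower() != "on":
                warnings.append("memberOf plug-in is disabled")
            configured = [v.lower() for v in entry.get("memberofgroupattr", [])]
            if group_attr.lower() not in configured:
                warnings.append(f"plug-in watches {configured}, not {group_attr}")
        if "nsds5replicationagreement" in (v.lower() for v in entry.get("objectclass", [])):
            excluded = []
            for spec in entry.get("nsds5replicatedattributelist", []):
                match = re.search(r"\$\s*EXCLUDE\s+(.+)", spec, re.IGNORECASE)
                if match:
                    excluded += match.group(1).lower().split()
            if "memberof" in excluded and not multi_master:
                warnings.append(f"{dn}: memberOf excluded in single-master setup")
            if "memberof" not in excluded and multi_master:
                warnings.append(f"{dn}: memberOf replicated in multi-master setup")
    return warnings
```

Calling `audit_memberof(SAMPLE_DSE, multi_master=False)` on the constructed sample returns one warning for the group attribute and one for the excluded memberOf attribute.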