[389-users] memberof entries not appearing in replica with memberof plugin

Nathan Kinder nkinder at redhat.com
Wed Nov 11 16:04:39 UTC 2009


On 11/10/2009 08:35 PM, John A. Sullivan III wrote:
> Hello, all.  I'm running CentOS Directory Server 8.1 on CentOS 5.4.  For
> some reason, the memberof plugin does not seem to be working on the
> replica.  My first suspicion is we have done something wrong but I
> wonder if there is an error in the documentation.  Here are the details.
>
> We are a single master setup with a single replica.  We noticed some of
> our LDAP queries were not correctly detecting group membership.  We
> double checked the memberofplugin configuration and, for some reason, it
> seems to have reverted to looking at member instead of uniquemember.  We
> changed this on the master and our problem went away.
>
> However, in the process of double-checking our steps, we read that the
> memberof attribute should NOT be replicated.  We had not excluded it.
> So, we destroyed the replication agreement, created a new fractional
> replication enabled one, and reinitialized the replica.  All of the
> memberof information was missing from all users on the replica.  We then
> tried to rebuild it by running the fixup-memberof.pl script.  That
> didn't work.  We then simply tried deleting users from groups and adding
> them to see if that would work. It worked fine on the master but not on
> the replica.
>
> Is the documentation in error and replication of memberof should be
> excluded only in multimaster but should be propagated to consumers or
> have we done something wrong? I compared the memberofplugin definitions
> in dse.ldif on both and they look identical including being enabled.
> Nothing is jumping out in the error or audit logs.
>    
The only reason for using fractional replication to exclude the memberOf
attribute is to avoid any sort of dangling membership issue when using
multi-master replication.  In your single-master replication setup, you
only need to configure the memberOf plug-in on your master, not the
replica.  You can then safely replicate the memberOf attribute since a
single-master replication scenario has no chance for conflicting changes
from separate masters.

Please open a documentation bug on this so we can get things cleared up
in the manuals.

> We eventually added memberof to the replication agreement and
> resynchronized just to get the data across.  We've pulled it back out
> and, as expected, any changes are not replicating.  What are we doing
> wrong? Where do we look next to troubleshoot it? Thanks - John
>    
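An added example, not part of the original thread or of the 389 project's code: a Python check over dse.ldif text for the two settings discussed above, the memberOf plug-in's group attribute and a fractional replication agreement that excludes memberOf. The attribute names are the Directory Server's; the sample entries, host and function names are assumptions made for illustration.

```python
# Added example: audit dse.ldif text for the memberOf settings in this thread.
# SAMPLE_DSE is constructed for illustration, not taken from a real server.
SAMPLE_DSE = """\
dn: cn=MemberOf Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: on
memberofgroupattr: member

dn: cn=to-replica,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberOf
"""

def parse_ldif(text):
    """Return entries as {lowercased attr: [values]}; joins folded lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines, entry = [], {}
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # LDIF continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        for line in lines:
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(text, group_attr="uniquemember", multi_master=False):
    """List mismatches between the config and the intended topology."""
    findings = []
    for e in parse_ldif(text):
        dn = e.get("dn", [""])[0]
        classes = [c.lower() for c in e.get("objectclass", [])]
        if dn.lower().startswith("cn=memberof plugin,"):
            if e.get("nsslapd-pluginenabled", ["off"])[0].lower() != "on":
                findings.append("memberOf plug-in is disabled")
            attrs = [a.lower() for a in e.get("memberofgroupattr", [])]
            if group_attr.lower() not in attrs:
                findings.append(f"memberofgroupattr is {attrs}, groups use {group_attr}")
        if "nsds5replicationagreement" in classes:
            excluded = []
            for v in e.get("nsds5replicatedattributelist", []):
                excluded += v.upper().partition("EXCLUDE")[2].lower().split()
            if "memberof" in excluded and not multi_master:
                findings.append(f"{dn}: memberOf excluded, replica will not receive it")
            if "memberof" not in excluded and multi_master:
                findings.append(f"{dn}: memberOf replicated between masters")
    return findings
```

Run `audit()` on the master's dse.ldif contents; an empty list means the plug-in's group attribute and the agreement's attribute list agree with the topology passed in.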