[389-users] memberOf attribute and plugin behaviour between sub-suffixes.
Rich Megginson
rmeggins at redhat.com
Fri May 20 14:53:24 UTC 2011
On 05/20/2011 01:56 AM, Juan Carlos Camargo Carrillo wrote:
> Is the memberOf attribute handling by the memberOf plugin limited to
> objects inside the same subsuffix?
> If it's not planned as such please doublecheck this behaviour within
> the following scenario:
>
> - suffix dc=directory,dc=org
> - subsuffix ou=users,dc=directory,dc=org
> - subsuffix ou=testing,ou=users,dc=directory,dc=org
>
> We have then three databases. They're not replicated. The membefOf
> plugin works only with elements (users and groups) that belong to the
> same subsuffix. But not between different subsuffixes. As such, if
> you make a user of ou=testing... member of a group of ou=users then
> the plugin will not populate the memberOf attribute for that user.
>
> The same here:
> - subsuffix ou=users,dc=example,dc=com
> - subsuffix ou=grupos,dc=example,dc=com
>
> Here the plugin wont work either. If you make a user inside ou=users
> member of a group inside ou=groups then the value of memberOf wont be
> populated.
>
> If you set debug to heavy trace, you'll see that the plugin runs in
> every situation but:
> 1.- when the objects belong to the same subsuffix, adding one
> membership triggers the memberOf plugin to "ldap replace" values,
> which is correct.
> 2.- when the objects belong to different subsuffix, adding one
> membership triggers the memberOf plugin to "ldap REMOVE" values, which
> amazes me.
Can you post your memberOf plugin configuration?
>
>
> DS 1.2.8.2 CentOS5.
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110520/0278268d/attachment.html>
More information about the 389-users
mailing list