[389-users] memberOf attribute and plugin behaviour between sub-suffixes.
Juan Carlos Camargo Carrillo
juancar at eprinsa.es
Mon May 23 05:41:50 UTC 2011
Thanks for answering. Here you go:
# MemberOf Plugin, plugins, config
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin
El vie, 20-05-2011 a las 08:53 -0600, Rich Megginson escribió:
> On 05/20/2011 01:56 AM, Juan Carlos Camargo Carrillo wrote:
>
> > Is the memberOf attribute handling by the memberOf plugin limited to
> > objects inside the same subsuffix?
> > If it's not planned as such please doublecheck this behaviour
> > within the following scenario:
> >
> > - suffix dc=directory,dc=org
> > - subsuffix ou=users,dc=directory,dc=org
> > - subsuffix ou=testing,ou=users,dc=directory,dc=org
> >
> > We have then three databases. They're not replicated. The membefOf
> > plugin works only with elements (users and groups) that belong to
> > the same subsuffix. But not between different subsuffixes. As such,
> > if you make a user of ou=testing... member of a group of ou=users
> > then the plugin will not populate the memberOf attribute for that
> > user.
> >
> > The same here:
> > - subsuffix ou=users,dc=example,dc=com
> > - subsuffix ou=grupos,dc=example,dc=com
> >
> > Here the plugin wont work either. If you make a user inside
> > ou=users member of a group inside ou=groups then the value of
> > memberOf wont be populated.
> >
> > If you set debug to heavy trace, you'll see that the plugin runs in
> > every situation but:
> > 1.- when the objects belong to the same subsuffix, adding one
> > membership triggers the memberOf plugin to "ldap replace" values,
> > which is correct.
> > 2.- when the objects belong to different subsuffix, adding one
> > membership triggers the memberOf plugin to "ldap REMOVE" values,
> > which amazes me.
>
> Can you post your memberOf plugin configuration?
>
> >
> >
> > DS 1.2.8.2 CentOS5.
> >
> >
> > --
> > 389 users mailing list
> > 389-users at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110523/e30cf648/attachment.html>
More information about the 389-users
mailing list