[389-users] DS querying members groups not showing recent/updated members
Rich Megginson
rmeggins at redhat.com
Fri May 15 19:57:14 UTC 2015
On 05/15/2015 12:36 PM, Ghiurea, Isabella wrote:
> Hi List,
>
> we are seeing some strange behaviours in our DS (members of plugin is enabled)
> if we add a user to a group we can't see that new user in group for some minutes/days, the following curl returns 0 members in group but (there were already 2 members + 1 added)
> running same curl command today (2 days later) the
> group memberships now show up as expected:
>
> curl -v -u xxxxxx "http://www.ababababababb?ID=xxxx&IDTYPE=http&ROLE=member"
>
> So, there is something in LDAP which is taking a long time and is affecting group queries.
>
> we would like to know if this can be a case when using 'membership plugin' that aggregates user membership
> for reporting?
Firstly, rpm -q 389-ds-base
Are you using IdM/IPA or plain 389?
The best way to test would be to use ldapsearch.
1) Get the user entry before doing some operation to add/remove from group:
    ldapsearch -xLLL -D "cn=directory manager" -w "password" \
        -b "dc=your,dc=base,dc=suffix" "uid=theuserid" \* memberof
2) Perform some sort of operation to modify group membership, whatever that is
3) Get the user entry after:
    ldapsearch -xLLL -D "cn=directory manager" -w "password" \
        -b "dc=your,dc=base,dc=suffix" "uid=theuserid" \* memberof
4) Get the group entry after:
    ldapsearch -xLLL -D "cn=directory manager" -w "password" \
        -b "dc=your,dc=base,dc=suffix" "cn=nameofgroup"
> Thank you
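One way to compare the outputs of steps 3 and 4 mechanically, as an added example that is not part of the original thread: it parses `ldapsearch -LLL` output (unfolding wrapped lines and decoding base64 values) and reports groups that list the user while the user entry lacks the matching `memberOf`, and the reverse. The entries below are constructed, the group attributes `member`/`uniqueMember` are an assumption about the deployment, and the DN normalisation is deliberately simple.

```python
import base64, re

def parse_ldif(text):
    """Parse `ldapsearch -LLL` output into a list of {attr: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)      # unfold lines wrapped by ldapsearch
    entries = []
    for block in filter(None, re.split(r"\n\s*\n", text.strip())):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    # Simplified DN comparison: case-folded, spaces around commas dropped.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_membership(user_ldif, group_ldif, group_attrs=("member", "uniquemember")):
    """Compare one user's memberOf values against the group entries returned."""
    user = parse_ldif(user_ldif)[0]
    user_dn = norm_dn(user["dn"][0])
    member_of = {norm_dn(g) for g in user.get("memberof", [])}
    lists_user, seen = set(), set()
    for group in parse_ldif(group_ldif):
        gdn = norm_dn(group["dn"][0])
        seen.add(gdn)
        members = {norm_dn(m) for a in group_attrs for m in group.get(a, [])}
        if user_dn in members:
            lists_user.add(gdn)
    return {
        "missing_memberof": sorted(lists_user - member_of),        # group updated, user not
        "stale_memberof": sorted((member_of & seen) - lists_user),  # user updated, group not
    }

# Constructed sample output for steps 3 and 4 (not taken from the thread).
USER_AFTER = """dn: uid=jdoe,ou=People,dc=example,dc=com
memberOf: cn=staff,ou=Groups,dc=example,dc=com
"""
GROUP_AFTER = """dn: cn=staff,ou=Groups,dc=example,dc=com
member: uid=jdoe,ou=People,dc=example,dc=com

dn: cn=project-x,ou=Groups,dc=example,dc=com
member: uid=jdoe,ou=People,dc=exam
 ple,dc=com
"""
print(check_membership(USER_AFTER, GROUP_AFTER))
```

A non-empty `missing_memberof` right after step 2 means the group entry was written but the user's `memberOf` had not been updated at the time of the search.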