[389-users] Trouble enabling memberof plugin
Craig Setera
craig at baseventure.com
Tue Sep 8 19:31:03 UTC 2015
I did restart the server. The following is an example of a user entry:
dn: uid=craig at demo.com,ou=demo,ou=People,dc=demo,dc=com
objectClass: accountPolicy
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: nuxeoUser
objectClass: organizationalPerson
objectClass: person
objectClass: pwmUser
objectClass: top
cn: Craig Setera
sn: Setera
givenName: Craig
mail: craig at demo.com
uid: craig at demo.com
Here is an example of a group:
dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: administrators
uniqueMember: uid=craig at demo.com,ou=demo,ou=People,dc=demo,dc=com
The problem that I'm seeing is that having looked at the plugin's source
code, I would have expected to at least see this message in the log even if
things were misconfigured:
slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
"--> memberof_postop_init\n" );
It is almost like the plugin is not being loaded. However, the
configuration seems like it should be fine...
Thanks again,
Craig
On Tue, Sep 8, 2015 at 2:12 PM, Mark Reynolds <mareynol at redhat.com> wrote:
>
>
> On 09/08/2015 03:06 PM, Craig Setera wrote:
>
> Mark,
>
> Thanks for getting back to me. Hopefully the following will help.
>
> [root at 62ca40b09276 /]# rpm -qa 389-ds-base
> 389-ds-base-1.2.11.15-60.el6.x86_64
>
> In case it matters, I'm running CentOS 6.6 inside of Docker:
>
> [root at 62ca40b09276 /]# uname -a
> Linux 62ca40b09276 4.0.9-boot2docker #1 SMP Thu Aug 13 03:05:44 UTC 2015
> x86_64 x86_64 x86_64 GNU/Linux
>
> I'm using the following LDIF entries to enable the plugin:
>
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> -
> replace: memberofgroupattr
> memberofgroupattr: uniqueMember
> -
> replace: memberofattr
> memberofattr: memberOf
>
> Hi Craig,
>
> Did you restart the server after making the above config changes? You
> need to.
>
> Do you have an objectclass present in the member entry that allows the
> "memberOf" attribute? Like "inetUser".
>
> Are you adding a "uniqueMember" attribute to a group(and not the "member"
> attribute)?
>
> Mark
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20150908/9395300b/attachment.html>
More information about the 389-users
mailing list