[389-users] Trouble enabling memberof plugin

Craig Setera craig at baseventure.com
Tue Sep 8 19:31:03 UTC 2015 

I did restart the server.  The following is an example of a user entry:

dn: uid=craig at demo.com,ou=demo,ou=People,dc=demo,dc=com
objectClass: accountPolicy
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: nuxeoUser
objectClass: organizationalPerson
objectClass: person
objectClass: pwmUser
objectClass: top
cn: Craig Setera
sn: Setera
givenName: Craig
mail: craig at demo.com
uid: craig at demo.com

Here is an example of a group:

dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: administrators
uniqueMember: uid=craig at demo.com,ou=demo,ou=People,dc=demo,dc=com

The problem that I'm seeing is that having looked at the plugin's source
code, I would have expected to at least see this message in the log even if
things were misconfigured:

slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
        "--> memberof_postop_init\n" );

It is almost like the plugin is not being loaded.  However, the
configuration seems like it should be fine...

Thanks again,
Craig

On Tue, Sep 8, 2015 at 2:12 PM, Mark Reynolds <mareynol at redhat.com> wrote:

>
>
> On 09/08/2015 03:06 PM, Craig Setera wrote:
>
> Mark,
>
> Thanks for getting back to me.  Hopefully the following will help.
>
> [root at 62ca40b09276 /]# rpm -qa 389-ds-base
> 389-ds-base-1.2.11.15-60.el6.x86_64
>
> In case it matters, I'm running CentOS 6.6 inside of Docker:
>
> [root at 62ca40b09276 /]# uname -a
> Linux 62ca40b09276 4.0.9-boot2docker #1 SMP Thu Aug 13 03:05:44 UTC 2015
> x86_64 x86_64 x86_64 GNU/Linux
>
> I'm using the following LDIF entries to enable the plugin:
>
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> -
> replace: memberofgroupattr
> memberofgroupattr: uniqueMember
> -
> replace: memberofattr
> memberofattr: memberOf
>
> Hi Craig,
>
> Did you restart the server after making the above config changes?  You
> need to.
>
> Do you have an objectclass present in the member entry that allows the
> "memberOf" attribute?  Like "inetUser".
>
> Are you adding a "uniqueMember" attribute to a group(and not the "member"
> attribute)?
>
> Mark
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20150908/9395300b/attachment.html>

More information about the 389-users mailing list