[389-users] Trouble enabling memberof plugin

Mark Reynolds mareynol at redhat.com
Tue Sep 8 19:52:11 UTC 2015 


On 09/08/2015 03:31 PM, Craig Setera wrote:
> I did restart the server.  The following is an example of a user entry:
>
> dn: uid=craig at demo.com 
> <mailto:craig at demo.com>,ou=demo,ou=People,dc=demo,dc=com
> objectClass: accountPolicy
> objectClass: inetOrgPerson
> objectClass: inetUser
> objectClass: nuxeoUser
> objectClass: organizationalPerson
> objectClass: person
> objectClass: pwmUser
> objectClass: top
> cn: Craig Setera
> sn: Setera
> givenName: Craig
> mail: craig at demo.com <mailto:craig at demo.com>
> uid: craig at demo.com <mailto:craig at demo.com>
>
> Here is an example of a group:
>
> dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
> objectClass: groupOfUniqueNames
> objectClass: top
> cn: administrators
> uniqueMember: uid=craig at demo.com 
> <mailto:craig at demo.com>,ou=demo,ou=People,dc=demo,dc=com
>
> The problem that I'm seeing is that having looked at the plugin's 
> source code, I would have expected to at least see this message in the 
> log even if things were misconfigured:
>
> slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
>         "--> memberof_postop_init\n" );
You'll only see this message is you use "trace function calls" logging:

nsslapd-errorlog-loglevel: 1

Note - this will slow the server down considerably (I would not set this 
log level in production)

If you still are not seeing this log message then something weird is 
going on.

Can I see what your memberOf plugin entry looks like?

Thanks,
Mark

>
> It is almost like the plugin is not being loaded.  However, the 
> configuration seems like it should be fine...
>
> Thanks again,
> Craig
>
> On Tue, Sep 8, 2015 at 2:12 PM, Mark Reynolds <mareynol at redhat.com 
> <mailto:mareynol at redhat.com>> wrote:
>
>
>
>     On 09/08/2015 03:06 PM, Craig Setera wrote:
>>     Mark,
>>
>>     Thanks for getting back to me. Hopefully the following will help.
>>
>>     [root at 62ca40b09276 /]# rpm -qa 389-ds-base
>>     389-ds-base-1.2.11.15-60.el6.x86_64
>>
>>     In case it matters, I'm running CentOS 6.6 inside of Docker:
>>
>>     [root at 62ca40b09276 /]# uname -a
>>     Linux 62ca40b09276 4.0.9-boot2docker #1 SMP Thu Aug 13 03:05:44
>>     UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>>
>>     I'm using the following LDIF entries to enable the plugin:
>>
>>     dn: cn=MemberOf Plugin,cn=plugins,cn=config
>>     changetype: modify
>>     replace: nsslapd-pluginEnabled
>>     nsslapd-pluginEnabled: on
>>     -
>>     replace: memberofgroupattr
>>     memberofgroupattr: uniqueMember
>>     -
>>     replace: memberofattr
>>     memberofattr: memberOf
>>
>     Hi Craig,
>
>     Did you restart the server after making the above config changes? 
>     You need to.
>
>     Do you have an objectclass present in the member entry that allows
>     the "memberOf" attribute? Like "inetUser".
>
>     Are you adding a "uniqueMember" attribute to a group(and not the
>     "member" attribute)?
>
>     Mark
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20150908/79135505/attachment.html>

More information about the 389-users mailing list