2:56 a.m.
Is the memberOf attribute handling by the memberOf plugin limited to
objects inside the same subsuffix?
If it's not planned as such please doublecheck this behaviour within
the following scenario:
- suffix dc=directory,dc=org
- subsuffix ou=users,dc=directory,dc=org
- subsuffix ou=testing,ou=users,dc=directory,dc=org
We have then three databases. They're not replicated. The membefOf
plugin works only with elements (users and groups) that belong to the
same subsuffix. But not between different subsuffixes. As such, if you
make a user of ou=testing... member of a group of ou=users then the
plugin will not populate the memberOf attribute for that user.
The same here:
- subsuffix ou=users,dc=example,dc=com
- subsuffix ou=grupos,dc=example,dc=com
Here the plugin wont work either. If you make a user inside ou=users
member of a group inside ou=groups then the value of memberOf wont be
populated.
If you set debug to heavy trace, you'll see that the plugin runs in
every situation but:
1.- when the objects belong to the same subsuffix, adding one membership
triggers the memberOf plugin to "ldap replace" values, which is correct.
2.- when the objects belong to different subsuffix, adding one
membership triggers the memberOf plugin to "ldap REMOVE" values, which
amazes me.
DS 1.2.8.2 CentOS5.
9:53 a.m.
New subject: memberOf attribute and plugin behaviour between sub-suffixes.
On 05/20/2011 01:56 AM, Juan Carlos Camargo Carrillo wrote:
Is the memberOf attribute handling by the memberOf plugin limited to
objects inside the same subsuffix?
If it's not planned as such please doublecheck this behaviour within
the following scenario:
- suffix dc=directory,dc=org
- subsuffix ou=users,dc=directory,dc=org
- subsuffix ou=testing,ou=users,dc=directory,dc=org
We have then three databases. They're not replicated. The membefOf
plugin works only with elements (users and groups) that belong to the
same subsuffix. But not between different subsuffixes. As such, if
you make a user of ou=testing... member of a group of ou=users then
the plugin will not populate the memberOf attribute for that user.
The same here:
- subsuffix ou=users,dc=example,dc=com
- subsuffix ou=grupos,dc=example,dc=com
Here the plugin wont work either. If you make a user inside ou=users
member of a group inside ou=groups then the value of memberOf wont be
populated.
If you set debug to heavy trace, you'll see that the plugin runs in
every situation but:
1.- when the objects belong to the same subsuffix, adding one
membership triggers the memberOf plugin to "ldap replace" values,
which is correct.
2.- when the objects belong to different subsuffix, adding one
membership triggers the memberOf plugin to "ldap REMOVE" values, which
amazes me.
Can you post your memberOf plugin configuration?
DS 1.2.8.2 CentOS5.
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
12:41 a.m.
Thanks for answering. Here you go:
# MemberOf Plugin, plugins, config
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin
El vie, 20-05-2011 a las 08:53 -0600, Rich Megginson escribió:
On 05/20/2011 01:56 AM, Juan Carlos Camargo Carrillo wrote:
> Is the memberOf attribute handling by the memberOf plugin limited to
> objects inside the same subsuffix?
> If it's not planned as such please doublecheck this behaviour
> within the following scenario:
>
> - suffix dc=directory,dc=org
> - subsuffix ou=users,dc=directory,dc=org
> - subsuffix ou=testing,ou=users,dc=directory,dc=org
>
> We have then three databases. They're not replicated. The membefOf
> plugin works only with elements (users and groups) that belong to
> the same subsuffix. But not between different subsuffixes. As such,
> if you make a user of ou=testing... member of a group of ou=users
> then the plugin will not populate the memberOf attribute for that
> user.
>
> The same here:
> - subsuffix ou=users,dc=example,dc=com
> - subsuffix ou=grupos,dc=example,dc=com
>
> Here the plugin wont work either. If you make a user inside
> ou=users member of a group inside ou=groups then the value of
> memberOf wont be populated.
>
> If you set debug to heavy trace, you'll see that the plugin runs in
> every situation but:
> 1.- when the objects belong to the same subsuffix, adding one
> membership triggers the memberOf plugin to "ldap replace" values,
> which is correct.
> 2.- when the objects belong to different subsuffix, adding one
> membership triggers the memberOf plugin to "ldap REMOVE" values,
> which amazes me.
Can you post your memberOf plugin configuration?
>
>
> DS 1.2.8.2 CentOS5.
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
5:23 p.m.
On 05/22/2011 11:41 PM, Juan Carlos Camargo Carrillo wrote:
Thanks for answering. Here you go:
# MemberOf Plugin, plugins, config
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin
Thanks. It looks as though memberOf
does not work across
sub-suffix/backend boundaries.
El vie, 20-05-2011 a las 08:53 -0600, Rich Megginson escribió:
> On 05/20/2011 01:56 AM, Juan Carlos Camargo Carrillo wrote:
>> Is the memberOf attribute handling by the memberOf plugin limited to
>> objects inside the same subsuffix?
>> If it's not planned as such please doublecheck this behaviour
>> within the following scenario:
>>
>> - suffix dc=directory,dc=org
>> - subsuffix ou=users,dc=directory,dc=org
>> - subsuffix ou=testing,ou=users,dc=directory,dc=org
>>
>> We have then three databases. They're not replicated. The membefOf
>> plugin works only with elements (users and groups) that belong to
>> the same subsuffix. But not between different subsuffixes. As such,
>> if you make a user of ou=testing... member of a group of ou=users
>> then the plugin will not populate the memberOf attribute for that user.
>>
>> The same here:
>> - subsuffix ou=users,dc=example,dc=com
>> - subsuffix ou=grupos,dc=example,dc=com
>>
>> Here the plugin wont work either. If you make a user inside
>> ou=users member of a group inside ou=groups then the value of
>> memberOf wont be populated.
>>
>> If you set debug to heavy trace, you'll see that the plugin runs in
>> every situation but:
>> 1.- when the objects belong to the same subsuffix, adding one
>> membership triggers the memberOf plugin to "ldap replace" values,
>> which is correct.
>> 2.- when the objects belong to different subsuffix, adding one
>> membership triggers the memberOf plugin to "ldap REMOVE" values,
>> which amazes me.
> Can you post your memberOf plugin configuration?
>>
>>
>> DS 1.2.8.2 CentOS5.
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
4729
days inactive
4732
days old
389-users@lists.fedoraproject.org
3 comments
2 participants
participants (2)
-
Juan Carlos Camargo -
Rich Megginson