I'm attempting to enable the memberof plugin in version 1.2.11 on CentOS 6.x. Unfortunately, I don't seem to be able to get the plugin enabled and functioning. With plugin logging enabled, I see other plugins logging their startup and functionality, while I see nothing from the memberof plugin despite having enabled it in the configuration. I've tried a variety of different logging levels and configurations, but it just doesn't seem like the code is firing at all. Can anyone suggest what I might be doing wrong or how to further diagnose the issues?
Thanks, Craig
Craig,
Full version of 389? rpm -qa | grep 389-ds-base
You might need to restart the server after enabling the plugin, but how exactly are you "enabling" the plugin though? ldapmodify? Editing dse.ldif?
Can you provide your plugin config entry, and what you are doing where the plugin seems to not be working?
Mark
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Mark,
Thanks for getting back to me. Hopefully the following will help.
[root@62ca40b09276 /]# rpm -qa 389-ds-base
389-ds-base-1.2.11.15-60.el6.x86_64
In case it matters, I'm running CentOS 6.6 inside of Docker:
[root@62ca40b09276 /]# uname -a
Linux 62ca40b09276 4.0.9-boot2docker #1 SMP Thu Aug 13 03:05:44 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
I'm using the following LDIF entries to enable the plugin:
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
replace: memberofgroupattr
memberofgroupattr: uniqueMember
-
replace: memberofattr
memberofattr: memberOf
Even after running the fixup task, I wasn't seeing any updates to the member attributes. I enabled plugin logging and didn't see any entries from the memberof plugin whatsoever, which I found very strange. When I was having issues trying to get the roles plugin working correctly, I was at least getting error messages in the logs that helped me troubleshoot.
Thanks again, Craig
On 09/08/2015 03:06 PM, Craig Setera wrote:
> Mark,
> Thanks for getting back to me. Hopefully the following will help.
> [root@62ca40b09276 /]# rpm -qa 389-ds-base
> 389-ds-base-1.2.11.15-60.el6.x86_64
> In case it matters, I'm running CentOS 6.6 inside of Docker:
> [root@62ca40b09276 /]# uname -a
> Linux 62ca40b09276 4.0.9-boot2docker #1 SMP Thu Aug 13 03:05:44 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
> I'm using the following LDIF entries to enable the plugin:
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> -
> replace: memberofgroupattr
> memberofgroupattr: uniqueMember
> -
> replace: memberofattr
> memberofattr: memberOf
Hi Craig,
Did you restart the server after making the above config changes? You need to.
Do you have an objectclass present in the member entry that allows the "memberOf" attribute? Like "inetUser".
Are you adding a "uniqueMember" attribute to a group (and not the "member" attribute)?
Mark
> Even after running the fixup task, I wasn't seeing any updates to the member attributes. I enabled plugin logging and didn't see any entries from the memberof plugin whatsoever, which I found very strange. When I was having issues trying to get the roles plugin working correctly, I was at least getting error messages in the logs that helped me troubleshoot.
> Thanks again, Craig
I did restart the server. The following is an example of a user entry:
dn: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com
objectClass: accountPolicy
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: nuxeoUser
objectClass: organizationalPerson
objectClass: person
objectClass: pwmUser
objectClass: top
cn: Craig Setera
sn: Setera
givenName: Craig
mail: craig@demo.com
uid: craig@demo.com
Here is an example of a group:
dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: administrators
uniqueMember: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com
The problem that I'm seeing is that having looked at the plugin's source code, I would have expected to at least see this message in the log even if things were misconfigured:
slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, "--> memberof_postop_init\n" );
It is almost like the plugin is not being loaded. However, the configuration seems like it should be fine...
Thanks again, Craig
On 09/08/2015 03:31 PM, Craig Setera wrote:
> I did restart the server. The following is an example of a user entry:
> dn: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com
> objectClass: accountPolicy
> objectClass: inetOrgPerson
> objectClass: inetUser
> objectClass: nuxeoUser
> objectClass: organizationalPerson
> objectClass: person
> objectClass: pwmUser
> objectClass: top
> cn: Craig Setera
> sn: Setera
> givenName: Craig
> mail: craig@demo.com
> uid: craig@demo.com
> Here is an example of a group:
> dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
> objectClass: groupOfUniqueNames
> objectClass: top
> cn: administrators
> uniqueMember: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com
> The problem that I'm seeing is that having looked at the plugin's source code, I would have expected to at least see this message in the log even if things were misconfigured:
> slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, "--> memberof_postop_init\n" );
You'll only see this message if you use "trace function calls" logging:
nsslapd-errorlog-loglevel: 1
Note - this will slow the server down considerably (I would not set this log level in production)
If you still are not seeing this log message then something weird is going on.
Can I see what your memberOf plugin entry looks like?
Thanks, Mark
> It is almost like the plugin is not being loaded. However, the configuration seems like it should be fine...
> Thanks again, Craig
It works!
I figured out why I wasn't getting logging in the first place and convinced myself the plugin was actually running. What I can't figure out is why it didn't seem to be working before, but now it does seem to be working. Very strange, but clearly operator error of some sort.
Can you tell me if the fixup process needs to be run manually on a regular basis or does the plugin "hook" changes once it is up and running? I may have been triggering the fixup process incorrectly if it must be run regularly.
Thanks again for the help and sorry for any confusion. Craig
On 09/08/2015 04:49 PM, Craig Setera wrote:
> It works!
> I figured out why I wasn't getting logging in the first place and convinced myself the plugin was actually running. What I can't figure out is why it didn't seem to be working before, but now it does seem to be working. Very strange, but clearly operator error of some sort.
> Can you tell me if the fixup process needs to be run manually on a regular basis or does the plugin "hook" changes once it is up and running? I may have been triggering the fixup process incorrectly if it must be run regularly.
Hi Craig,
You should only need to run it once (after setting up the plugin), then the plugin should handle it from there on after.
Regards, Mark
> Thanks again for the help and sorry for any confusion. Craig
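Added example, not part of the thread and not 389 DS code: an offline check of the conditions Mark asks about (plugin enabled, group attribute matching memberofgroupattr, member entry carrying an objectclass that allows memberOf) against an LDIF export. The sample LDIF is constructed from the entries posted above; check_memberof and parse_ldif are hypothetical helpers, and the default set of allowing objectclasses contains only inetUser, the one named in the thread.

```python
# Added example: sample LDIF constructed from the entries posted in this thread.
SAMPLE_LDIF = """\
dn: cn=MemberOf Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: on
memberofgroupattr: uniqueMember
memberofattr: memberOf

dn: uid=craig@demo.com,ou=demo,ou=People,dc=demo,dc=com
objectClass: inetOrgPerson
objectClass: inetUser

dn: cn=administrators,ou=demo,ou=Groups,dc=demo,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=craig@demo.com,ou=demo,ou=People,
 dc=demo,dc=com
"""
PLUGIN_DN = "cn=memberof plugin,cn=plugins,cn=config"

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, names lowercased; base64 values are not decoded."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuation lines
        if not line.strip():
            current = None  # a blank line ends the entry
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":
                current = entries.setdefault(value.strip().lower(), {})
            elif current is not None:
                current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check_memberof(entries, allowing_classes=("inetuser",)):
    """List reasons memberOf would not be written (hypothetical helper, not a 389 DS tool)."""
    plugin = entries.get(PLUGIN_DN)
    if plugin is None:
        return ["plugin entry not found"]
    problems = []
    if plugin.get("nsslapd-pluginenabled", ["off"])[0].lower() != "on":
        problems.append("plugin is not enabled")
    group_attr = plugin.get("memberofgroupattr", [""])[0].lower()
    # DNs are compared lowercased only; spacing inside DNs is not normalized.
    members = [dn.lower() for e in entries.values() for dn in e.get(group_attr, [])]
    if not members:
        problems.append(f"no group entry uses {group_attr or 'an unset memberofgroupattr'}")
    for dn in members:
        classes = {c.lower() for c in entries.get(dn, {}).get("objectclass", [])}
        if dn not in entries:
            problems.append(f"member entry not found: {dn}")
        elif not classes & set(allowing_classes):
            problems.append(f"no objectclass allowing memberOf on {dn}")
    return problems

print(check_memberof(parse_ldif(SAMPLE_LDIF)))
```

An empty list means none of the checked conditions failed; the restart after a configuration change and the one-time fixup task still have to be confirmed on the server itself.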