FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 05-20-2011, 07:56 AM
Juan Carlos Camargo Carrillo
 
Default memberOf attribute and plugin behaviour between sub-suffixes.

Is the memberOf attribute handling by the memberOf plugin limited to objects inside the same subsuffix?

If it's not planned as such* please doublecheck this behaviour within the following scenario:



- suffix dc=directory,dc=org

- subsuffix ou=users,dc=directory,dc=org

- subsuffix ou=testing,ou=users,dc=directory,dc=org



We have then three databases. They're not replicated. The membefOf plugin works only with elements (users and groups) that belong to the same subsuffix.* But not between different subsuffixes. As such, if you make a user of ou=testing... member of a group of ou=users then the plugin will not populate the memberOf attribute for that user.



The same here:

- subsuffix ou=users,dc=example,dc=com

- subsuffix ou=grupos,dc=example,dc=com



Here the plugin wont work either.* If you make a user inside ou=users member of a group inside ou=groups then the value of memberOf wont be populated.



If you set debug to heavy trace, you'll see that the plugin runs in every situation but:

1.- when the objects belong to the same subsuffix, adding one membership triggers the memberOf plugin to "ldap replace" values, which is correct.

2.- when the objects belong to different subsuffix, adding one membership triggers the memberOf plugin to "ldap REMOVE" values, which amazes me.





DS 1.2.8.2 CentOS5.


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 05-23-2011, 10:23 PM
Rich Megginson
 
Default memberOf attribute and plugin behaviour between sub-suffixes.

On 05/22/2011 11:41 PM, Juan Carlos Camargo Carrillo wrote:



Thanks for answering. Here you go:



# MemberOf Plugin, plugins, config

dn: cn=MemberOf Plugin,cn=plugins,cn=config

objectClass: top

objectClass: nsSlapdPlugin

objectClass: extensibleObject

cn: MemberOf Plugin

nsslapd-pluginPath: libmemberof-plugin

nsslapd-pluginInitfunc: memberof_postop_init

nsslapd-pluginType: postoperation

nsslapd-pluginEnabled: on

nsslapd-plugin-depends-on-type: database

memberofgroupattr: uniqueMember

memberofattr: memberOf

nsslapd-pluginId: memberof

nsslapd-pluginVersion: 1.2.8.2

nsslapd-pluginVendor: 389 Project

nsslapd-pluginDescription: memberof plugin


Thanks.* It looks as though memberOf does not work across
sub-suffix/backend boundaries.






El vie, 20-05-2011 a las 08:53 -0600, Rich Megginson escribió:

On 05/20/2011 01:56 AM, Juan Carlos
Camargo Carrillo wrote:

Is the memberOf attribute handling by
the memberOf plugin limited to objects inside the same
subsuffix?

If it's not planned as such* please doublecheck this behaviour
within the following scenario:



- suffix dc=directory,dc=org

- subsuffix ou=users,dc=directory,dc=org

- subsuffix ou=testing,ou=users,dc=directory,dc=org



We have then three databases. They're not replicated. The
membefOf plugin works only with elements (users and groups)
that belong to the same subsuffix.* But not between different
subsuffixes. As such, if you make a user of ou=testing...
member of a group of ou=users then the plugin will not
populate the memberOf attribute for that user.



The same here:

- subsuffix ou=users,dc=example,dc=com

- subsuffix ou=grupos,dc=example,dc=com



Here the plugin wont work either.* If you make a user inside
ou=users member of a group inside ou=groups then the value of
memberOf wont be populated.



If you set debug to heavy trace, you'll see that the plugin
runs in every situation but:

1.- when the objects belong to the same subsuffix, adding one
membership triggers the memberOf plugin to "ldap replace"
values, which is correct.

2.- when the objects belong to different subsuffix, adding one
membership triggers the memberOf plugin to "ldap REMOVE"
values, which amazes me.


Can you post your memberOf plugin configuration?





DS 1.2.8.2 CentOS5.

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users












--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 11:10 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org