On 10/22/2013 11:44 AM, Jonathan Vaughn wrote:
That was exactly the way we ran it, per that documentation, but it didn't appear to do anything.

You can check the /var/log/dirsrv/slapd-INST/errors log file to see if it ran and if there were any errors.

So, I figured out that just adding/removing users from groups would trigger it to update ALL groups for that user,

Yes, it does.

so I just bulk added everyone to a group and problem solved.


On Tue, Oct 22, 2013 at 12:01 PM, Rich Megginson <rmegg...@redhat.com> wrote:

    On 10/22/2013 10:52 AM, Jonathan Vaughn wrote:
    Existing entries are not added automatically when enabling the
    plugin, you have to either run the fixup-memberof.pl script (if it
    works for you - it never did anything for us),

    This is the documented way to do it.

    
    https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof

    6.1.4.5. Synchronizing memberOf Values
    The MemberOf Plug-in automatically manages the memberOf attribute
    on group member entries, based on the configuration in the group
    entry itself. However, the memberOf attribute can be edited on a
    user entry directly (which is improper) or new entries can be
    imported or replicated over to the server that have a memberOf
    attribute already set. These situations create inconsistencies
    between the memberOf configuration managed by the server plug-in
    and the actual memberships defined for an entry.
    Directory Server has a memberOf repair task which manually runs
    the plug-in to make sure the appropriate memberOf attributes are
    set on entries. There are three ways to trigger this task:

        In the Directory Server Console
        Using the fixup-memberof.pl script
        Running a cn=memberof task,cn=tasks,cn=config tasks entry

    6.1.4.5.1. Initializing and Regenerating memberOf Attributes Using
    fixup-memberof.pl
    The fixup-memberof.pl script launches a special task to regenerate
    all of the memberOf attributes on user entries based on the defined
    member attributes in the group entries. This is a clean-up task
    which synchronizes the membership defined in group entries and the
    corresponding user entries and overwrites any accidental or
    improper edits on the user entries.

        Open the tool directory for the Directory Server instance,
        /usr/lib/dirsrv/slapd-instance_name/.
        Run the script, binding as the Directory Manager.

        ./fixup-memberof.pl -D "cn=Directory Manager" -w password

    The fixup-memberof.pl command is described in more detail in the
    Configuration and Command-Line Tool Reference.

    If it is not working for you, then please describe the steps you
    took.


    or you have to make a change to each pre-existing user to trigger
    the memberOf updating. The easiest way to do that is to simply
    create a group and add everyone to it, then remove it (unless of
    course you actually have a use for said group). If you already
    have a group with everyone in it, you can probably create a new
    group, and add that group as a member of the new group.



    On Tue, Oct 22, 2013 at 12:33 AM, Lars Remes <lars.re...@symbio.com> wrote:

        I'm not sure if existing entries are added automatically when
        you enable the plugin.
        I would assume so, but in any case at any time you can run
        the fix-up task that will sync the attributes.
        You can define the scope for the task using a filter, for
        example, fix only ou=orgunit,ou=People,... branch of the DIT.

        --
        Lars Remes / Service Quality

        lars.re...@symbio.com
        www.symbio.com


        > -----Original Message-----
        > From: 389-users-boun...@lists.fedoraproject.org
        > [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Vesa Alho
        > Sent: 21 October 2013 15:50
        > To: 389-users@lists.fedoraproject.org
        > Subject: Re: [389-users] MemberOf Plugin - experiences?
        >
        > On 10/21/2013 01:37 PM, Lars Remes wrote:
        > > We are using the memberOf plugin in a global, multi-master-multi-slave
        > > setup, and so far we have not encountered any major issues.
        > >
        > > You can easily change the membership attribute, for example, to
        > > memberUid.
        > > MMR is handled by not replicating the memberOf attribute between
        > > masters, but the attribute IS copied to slaves. Each master runs its own
        > > instance of the plugin.
        > >
        > > Sometimes you may need to manually launch the fix-up task, but that has
        > > been quite rare.
        > > If necessary, you can schedule it to run periodically.
        >
        > How does it work for already existing entries if I enable the plugin? Do
        > I need to add them "manually" or does the plugin add them automatically?
        >
        > Naturally I will test this well before changing production, but just
        > interested what it takes to start using it.
        >
        > Thanks for replying!
        >
        > -Vesa
        >
        > --
        > 389 users mailing list
        > 389-users@lists.fedoraproject.org
        > https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
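
An added example (not from the thread or from the 389 Directory Server project) of checking for the inconsistencies the quoted documentation describes, before or after a fix-up run: it derives the expected memberOf values from the groups' member attributes, following nested groups, and reports missing and stale values per entry. The entries and DNs are constructed sample data, and the LDIF reader assumes unwrapped, non-base64 lines.

```python
# Constructed sample data: bob carries a hand-edited memberOf, alice lacks a nested one.
SAMPLE_LDIF = """\
dn: cn=admins,dc=example,dc=com
member: uid=alice,dc=example,dc=com
memberOf: cn=staff,dc=example,dc=com

dn: cn=staff,dc=example,dc=com
member: cn=admins,dc=example,dc=com
member: uid=bob,dc=example,dc=com

dn: uid=alice,dc=example,dc=com
memberOf: cn=admins,dc=example,dc=com

dn: uid=bob,dc=example,dc=com
memberOf: cn=staff,dc=example,dc=com
memberOf: cn=admins,dc=example,dc=com
"""

def parse_ldif(text):  # unwrapped LDIF -> {dn: {attr: set(values)}}, lower-cased
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), set()).add(value.strip().lower())
        entries[attrs.pop("dn").pop()] = attrs
    return entries

def expected_memberof(entries):  # derive memberOf from member, following nesting
    direct = {}  # member DN -> groups that list it directly
    for dn, attrs in entries.items():
        for m in attrs.get("member", ()):
            direct.setdefault(m, set()).add(dn)
    def closure(dn, seen):
        for g in direct.get(dn, ()):
            if g not in seen:  # also stops on group cycles
                seen.add(g)
                closure(g, seen)
        return seen
    return {dn: closure(dn, set()) for dn in entries}

def audit(entries):  # {dn: (missing, stale)} for entries whose memberOf drifted
    want, drift = expected_memberof(entries), {}
    for dn, attrs in entries.items():
        have = attrs.get("memberof", set())
        if have != want[dn]:
            drift[dn] = (sorted(want[dn] - have), sorted(have - want[dn]))
    return drift

print(audit(parse_ldif(SAMPLE_LDIF)))
```

A stale value is the case that matters most where access rules key on memberOf, since the entry claims a membership that no group grants.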
