Re: [389-users] memberOf attribute and plugin behaviour between sub-suffixes.

2011-05-23 Thread Rich Megginson 

On 05/22/2011 11:41 PM, Juan Carlos Camargo Carrillo wrote:

Thanks for answering. Here you go:

# MemberOf Plugin, plugins, config
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin
Thanks.  It looks as though memberOf does not work across 
sub-suffix/backend boundaries.



El vie, 20-05-2011 a las 08:53 -0600, Rich Megginson escribió:

On 05/20/2011 01:56 AM, Juan Carlos Camargo Carrillo wrote:
Is the memberOf attribute handling by the memberOf plugin limited to 
objects inside the same subsuffix?
If it's not planned as such  please doublecheck this behaviour 
within the following scenario:


- suffix dc=directory,dc=org
- subsuffix ou=users,dc=directory,dc=org
- subsuffix ou=testing,ou=users,dc=directory,dc=org

We have then three databases. They're not replicated. The membefOf 
plugin works only with elements (users and groups) that belong to 
the same subsuffix.  But not between different subsuffixes. As such, 
if you make a user of ou=testing... member of a group of ou=users 
then the plugin will not populate the memberOf attribute for that user.


The same here:
- subsuffix ou=users,dc=example,dc=com
- subsuffix ou=grupos,dc=example,dc=com

Here the plugin wont work either.  If you make a user inside 
ou=users member of a group inside ou=groups then the value of 
memberOf wont be populated.


If you set debug to heavy trace, you'll see that the plugin runs in 
every situation but:
1.- when the objects belong to the same subsuffix, adding one 
membership triggers the memberOf plugin to ldap replace values, 
which is correct.
2.- when the objects belong to different subsuffix, adding one 
membership triggers the memberOf plugin to ldap REMOVE values, 
which amazes me.

Can you post your memberOf plugin configuration?



DS 1.2.8.2 CentOS5.
--
389 users mailing list
389-users@lists.fedoraproject.org  mailto:389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] memberOf attribute and plugin behaviour between sub-suffixes.

2011-05-22 Thread Juan Carlos Camargo Carrillo 
Thanks for answering. Here you go:

# MemberOf Plugin, plugins, config
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin


El vie, 20-05-2011 a las 08:53 -0600, Rich Megginson escribió:

 On 05/20/2011 01:56 AM, Juan Carlos Camargo Carrillo wrote: 
 
  Is the memberOf attribute handling by the memberOf plugin limited to
  objects inside the same subsuffix?
  If it's not planned as such  please doublecheck this behaviour
  within the following scenario:
  
  - suffix dc=directory,dc=org
  - subsuffix ou=users,dc=directory,dc=org
  - subsuffix ou=testing,ou=users,dc=directory,dc=org
  
  We have then three databases. They're not replicated. The membefOf
  plugin works only with elements (users and groups) that belong to
  the same subsuffix.  But not between different subsuffixes. As such,
  if you make a user of ou=testing... member of a group of ou=users
  then the plugin will not populate the memberOf attribute for that
  user. 
  
  The same here:
  - subsuffix ou=users,dc=example,dc=com
  - subsuffix ou=grupos,dc=example,dc=com
  
  Here the plugin wont work either.  If you make a user inside
  ou=users member of a group inside ou=groups then the value of
  memberOf wont be populated. 
  
  If you set debug to heavy trace, you'll see that the plugin runs in
  every situation but:
  1.- when the objects belong to the same subsuffix, adding one
  membership triggers the memberOf plugin to ldap replace values,
  which is correct.
  2.- when the objects belong to different subsuffix, adding one
  membership triggers the memberOf plugin to ldap REMOVE values,
  which amazes me.
 
 Can you post your memberOf plugin configuration?
 
  
  
  DS 1.2.8.2 CentOS5. 
  
  
  --
  389 users mailing list
  389-users@lists.fedoraproject.org
  https://admin.fedoraproject.org/mailman/listinfo/389-users
 
 


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users