On 11/10/2009 08:35 PM, John A. Sullivan III wrote:
> Hello, all.  I'm running CentOS Directory Server 8.1 on CentOS 5.4.  For
> some reason, the memberof plugin does not seem to be working on the
> replica.  My first suspicion is we have done something wrong but I
> wonder if there is an error in the documentation.  Here are the details.
>
> We are a single master setup with a single replica.  We noticed some of
> our LDAP queries were not correctly detecting group membership.  We
> double checked the memberofplugin configuration and, for some reason, it
> seems to have reverted to looking at member instead of uniquemember.  We
> changed this on the master and our problem went away.
>
> However, in the process of double-checking our steps, we read that the
> memberof attribute should NOT be replicated.  We had not excluded it.
> So, we destroyed the replication agreement, created a new fractional
> replication enabled one, and reinitialized the replica.  All of the
> memberof information was missing from all users on the replica.  We then
> tried to rebuild it by running the fixup-memberof.pl script.  That
> didn't work.  We then simply tried deleting users from groups and adding
> them to see if that would work. It worked fine on the master but not on
> the replica.
>
> Is the documentation in error and replication of memberof should be
> excluded only in multimaster but should be propagated to consumers or
> have we done something wrong? I compared the memberofplugin definitions
> in dse.ldif on both and they look identical including being enabled.
> Nothing is jumping out in the error or audit logs.

The only reason for using fractional replication to exclude the memberOf
attribute is to avoid any sort of dangling membership issue when using
multi-master replication.  In your single-master replication setup, you
only need to configure the memberOf plug-in on your master, not the
replica.  You can then safely replicate the memberOf attribute since a
single-master replication scenario has no chance for conflicting changes
from separate masters.

Please open a documentation bug on this so we can get things cleared up
in the manuals.

> We eventually added memberof to the replication agreement and
> resynchronized just to get the data across.  We've pulled it back out
> and, as expected, any changes are not replicating.  What are we doing
> wrong? Where do we look next to troubleshoot it? Thanks - John

--
389 users mailing list
389-us...@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
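
An added example, not part of the thread or of the 389 project's code: a small check over a `dse.ldif` excerpt that flags the two conditions discussed above (the memberOf plug-in scanning `member` while groups use `uniquemember`, and a single-master agreement that excludes memberOf), and goes one step further by also flagging a multi-master agreement that does not exclude it. The LDIF is constructed sample data; host, suffix and agreement names are placeholders, and `audit`/`parse_ldif` are hypothetical helper names.

```python
import re
# Constructed cn=config excerpt for a single-master supplier (not from the thread).
# Host name, suffix and agreement name are placeholders.
MASTER_LDIF = """\
dn: cn=MemberOf Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: on
memberofgroupattr: member
memberofattr: memberOf

dn: cn=to-replica,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
nsDS5ReplicaHost: replica.example.com
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
  memberOf
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}} with lowercased keys; base64 values are not decoded."""
    text = re.sub(r"\n ", "", text)  # undo LDIF line folding (newline + one space)
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def audit(ldif_text, topology, group_attr="uniquemember"):
    """topology is 'single-master' or 'multi-master'; group_attr is what the groups really use."""
    findings = []
    for dn, attrs in parse_ldif(ldif_text).items():
        if dn.startswith("cn=memberof plugin,"):
            enabled = attrs.get("nsslapd-pluginenabled", ["off"])[0].lower() == "on"
            scanned = [v.lower() for v in attrs.get("memberofgroupattr", [])]
            if enabled and group_attr.lower() not in scanned:
                findings.append(f"plugin scans {scanned}, groups use {group_attr}")
        if "nsds5replicationagreement" in [v.lower() for v in attrs.get("objectclass", [])]:
            attr_list = " ".join(attrs.get("nsds5replicatedattributelist", [])).lower()
            excluded = "memberof" in attr_list.partition("exclude")[2].split()
            if topology == "single-master" and excluded:
                findings.append("memberOf excluded: consumer will not receive memberOf values")
            if topology == "multi-master" and not excluded:
                findings.append("memberOf replicated between masters: dangling membership risk")
    return findings

print(audit(MASTER_LDIF, "single-master"))
```
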
