That was exactly the way we ran it, per that documentation, but it didn't appear to do anything. So, I figured out that just adding/removing users from groups would trigger it to update ALL groups for that user, so I just bulk added everyone to a group and problem solved.
On Tue, Oct 22, 2013 at 12:01 PM, Rich Megginson <[email protected]>wrote: > On 10/22/2013 10:52 AM, Jonathan Vaughn wrote: > > Existing entries are not added automatically when enabling the plugin, you > have to either run the fixup-memberof.pl script (if it works for you - it > never did anything for us), > > > This is the documented way to do it. > > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof > > 6.1.4.5. Synchronizing memberOf Values > The MemberOf Plug-in automatically manages the memberOf attribute on group > member entries, based on the configuration in the group entry itself. > However, the memberOf attribute can be edited on a user entry directly > (which is improper) or new entries can be imported or replicated over to > the server that have a memberOf attribute already set. These situations > create inconsistencies between the memberOf configuration managed by the > server plug-in and the actual memberships defined for an entry. > Directory Server has a memberOf repair task which manually runs the > plug-in to make sure the appropriate memberOf attributes are set on > entries. There are three ways to trigger this task: > > In the Directory Server Console > Using the fixup-memberof.pl script > Running a cn=memberof task,cn=tasks,cn=config tasks entry > > 6.1.4.5.1. Initializing and Regenerating memberOf Attributes Using > fixup-memberof.pl > The fixup-memberof.pl script launches a special task to regenerate all of > the memberOf attributes on user entries based on the defined member > attributes in the group entries. This is a clean-up task which synchronizes > the membership defined in group entries and the corresponding user entries > and overwrites any accidental or improper edits on the user entries. > > Open the tool directory for the Directory Server instance, > /usr/lib/dirsrv/slapd-instance_name/. > Run the script, binding as the Directory Manager. > > ./fixup-memberof.pl -D "cn=Directory Manager" -w password > > The fixup-memberof.pl command is described in more detail in the > Configuration and Command-Line Tool Reference. > > If it is not working for you, then please describe the steps you took. > > > or you have to make a change to each pre-existing user to trigger the > memberOf updating. The easiest way to do that is to simply create a group > and add everyone to it, then remove it (unless of course you actually have > a use for said group). If you already have a group with everyone in it, you > can probably create a new group, and add that group as a member of the new > group. > > > > On Tue, Oct 22, 2013 at 12:33 AM, Lars Remes <[email protected]>wrote: > >> I'm not sure if existing entries are added automatically when you enable >> the plugin. >> I would assume so, but in any case at any time you can run the fix-up >> task that will sync the attributes. >> You can define the scope for the task using a filter, for example, fix >> only ou=orgunit,ou=People,... branch of the DIT. >> >> -- >> Lars Remes / Service Quality >> >> [email protected] >> www.symbio.com >> >> >> > -----Original Message----- >> > From: [email protected] [mailto:389-users- >> > [email protected]] On Behalf Of Vesa Alho >> > Sent: 21. lokakuuta 2013 15:50 >> > To: [email protected] >> > Subject: Re: [389-users] MemberOf Plugin - experiences? >> > >> > On 10/21/2013 01:37 PM, Lars Remes wrote: >> > > We are using the memberOf plugin in a global, multi-master-multi-slave >> > setup, and so far we have not encountered any major issues. >> > > >> > > You can easily change the membership attribute, for example, to >> > memberUid. >> > > MMR is handled by not replicating the memberOf attribute between >> > masters, but the attribute IS copied to slaves. Each master runs own >> instance >> > of the plugin. >> > > >> > > Sometimes you may need to manual launch the fix-up task, but that has >> > been quite rare. >> > > If necessary, you can schedule it to run periodically. >> > >> > How does it work for already existing entries if I enable the plugin? Do >> > I need add them "manually" or does the plugin add them automatically? >> > >> > Naturally I will test this well before changing production, but just >> > interested what it takes to start using it. >> > >> > Thanks for replying! >> > >> > -Vesa >> > >> > -- >> > 389 users mailing list >> > [email protected] >> > https://admin.fedoraproject.org/mailman/listinfo/389-users >> -- >> 389 users mailing list >> [email protected] >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > > > > -- > 389 users mailing > [email protected]https://admin.fedoraproject.org/mailman/listinfo/389-users > > >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
