On Wed, 17 Mar 2010 14:01:47 -0400
James Roman <james.ro...@ssaihq.com> wrote:

> > Well, the current 389 memberOf is a bit more advanced than the 
> > ipa-memberOf. We did the initial development of the plugin, then it 
> > got moved into mainline 389-ds. The ipa plugin should work fine 
> > though, I don't know of any reason to switch.
> >
> > rob
> Any idea why both are being executed? Even when the MemberOf Plugin
> is disabled?
> # ipa-memberof, plugins, config
> dn: cn=ipa-memberof,cn=plugins,cn=config
> ......
> nsslapd-pluginEnabled: on
> # MemberOf Plugin, plugins, config
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> ......
> nsslapd-pluginEnabled: off
> Is it possible that the DS upgrade steps on the ipa-memberof
> libraries in some way, causing both to be executed? I would imagine
> that having two plugins making the same update to the directory could
> be problematic.  Maybe its the way the audit logging is occurring.

To actually disable the plugin you need a restart after you change the
config, but please *do not* do that unless you want trouble :)

The memberof plugin does not change group memberships it only updates
the memberof attribute to keep it in sync with the member ones.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to