On Wed, 17 Mar 2010 14:01:47 -0400 James Roman <[email protected]> wrote:
> > > Well, the current 389 memberOf is a bit more advanced than the > > ipa-memberOf. We did the initial development of the plugin, then it > > got moved into mainline 389-ds. The ipa plugin should work fine > > though, I don't know of any reason to switch. > > > > rob > Any idea why both are being executed? Even when the MemberOf Plugin > is disabled? > > # ipa-memberof, plugins, config > dn: cn=ipa-memberof,cn=plugins,cn=config > ...... > nsslapd-pluginEnabled: on > > > # MemberOf Plugin, plugins, config > dn: cn=MemberOf Plugin,cn=plugins,cn=config > ...... > nsslapd-pluginEnabled: off > > Is it possible that the DS upgrade steps on the ipa-memberof > libraries in some way, causing both to be executed? I would imagine > that having two plugins making the same update to the directory could > be problematic. Maybe its the way the audit logging is occurring. To actually disable the plugin you need a restart after you change the config, but please *do not* do that unless you want trouble :) The memberof plugin does not change group memberships it only updates the memberof attribute to keep it in sync with the member ones. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
