Just for posterity. The issue ended up being that the AD and FreeIPA
were out of sync. One of the sub-containers in the Active Directory
containing disabled accounts was moved outside of the scope of the sync
agreement. We never ran a replica init, so a number of scheduled syncs
were pending.
James Roman wrote:
Just for posterity. The issue ended up being that the AD and FreeIPA
were out of sync. One of the sub-containers in the Active Directory
containing disabled accounts was moved outside of the scope of the sync
agreement. We never ran a replica init, so a number of scheduled
Well, the current 389 memberOf is a bit more advanced than the
ipa-memberOf. We did the initial development of the plugin, then it
got moved into mainline 389-ds. The ipa plugin should work fine
though, I don't know of any reason to switch.
rob
Any idea why both are being executed? Even
To actually disable the plugin you need a restart after you change the
config, but please *do not* do that unless you want trouble :)
The memberof plugin does not change group memberships it only updates
the memberof attribute to keep it in sync with the member ones.
Simo.
Just to
On Wed, 17 Mar 2010 15:24:18 -0400
James Roman james.ro...@ssaihq.com wrote:
To actually disable the plugin you need a restart after you change
the config, but please *do not* do that unless you want trouble :)
The memberof plugin does not change group memberships it only
updates the
