[Freeipa-devel] memberOf wierdness
Simo Sorce
ssorce at redhat.com
Tue Oct 30 15:47:03 UTC 2007
On Tue, 2007-10-30 at 11:38 -0400, Rob Crittenden wrote:
> In my experimentation with new indeces I found a strange issue with
> memberOf.
>
> If I install IPA, get a ticket for admin and do:
>
> ldapsearch -Y GSSAPI -b "dc=freeipa,dc=org"
> "memberof=cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=org" cn
>
> I get 0 results back.
>
> If I use ipa-adduser and then add that user to the admins group and then
> issue the search again, I get 1 result back, the user I just added.
>
> The user admin has the following OC's:
>
> objectClass: top
> objectClass: person
> objectClass: posixAccount
> objectClass: KrbPrincipalAux
>
> My test user has:
>
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: inetUser
> objectClass: posixAccount
> objectClass: krbPrincipalAux
>
> Could this have something to do with it?
No the problem is not with indices.
The problem is that we activate the memberOf plugin "after" the admin
account has been created.
I asked back then Pete to show us how to activate the FDS task to make
the memberOf plugin check the directory, but that must have been
forgotten, I'll open a ticket and assign to Pete.
Simo.
More information about the Freeipa-devel
mailing list