[Freeipa-devel] memberOf wierdness
Rob Crittenden
rcritten at redhat.com
Tue Oct 30 15:58:37 UTC 2007
Simo Sorce wrote:
> On Tue, 2007-10-30 at 11:38 -0400, Rob Crittenden wrote:
>> In my experimentation with new indeces I found a strange issue with
>> memberOf.
>>
>> If I install IPA, get a ticket for admin and do:
>>
>> ldapsearch -Y GSSAPI -b "dc=freeipa,dc=org"
>> "memberof=cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=org" cn
>>
>> I get 0 results back.
>>
>> If I use ipa-adduser and then add that user to the admins group and then
>> issue the search again, I get 1 result back, the user I just added.
>>
>> The user admin has the following OC's:
>>
>> objectClass: top
>> objectClass: person
>> objectClass: posixAccount
>> objectClass: KrbPrincipalAux
>>
>> My test user has:
>>
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: inetUser
>> objectClass: posixAccount
>> objectClass: krbPrincipalAux
>>
>> Could this have something to do with it?
>
> No the problem is not with indices.
> The problem is that we activate the memberOf plugin "after" the admin
> account has been created.
>
> I asked back then Pete to show us how to activate the FDS task to make
> the memberOf plugin check the directory, but that must have been
> forgotten, I'll open a ticket and assign to Pete.
>
No, the index is added first. The last thing that happens in
dsinstance.py is a call to __add_default_layout() which loads
bootstrap-template.ldif.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071030/bec91e2b/attachment.bin>
More information about the Freeipa-devel
mailing list