[Freeipa-users] MemberOf plugin keeps disabling account
James Roman
james.roman at ssaihq.com
Wed Mar 17 15:32:55 UTC 2010
I have a single account that keeps getting disabled by the memberOf
Plugin, even though it is disabled.
# MemberOf Plugin, plugins, config
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: off
nsslapd-plugin-depends-on-type: database
memberofgroupattr: member
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.5
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin
The individual account is on both the Active directory and our FreeIPA
server. We keep trying to enable the account in Windows and in FreeIPA,
but the plugin keeps following up and disabling it.
time: 20100317111143
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=MemberOf Plugin,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151114Z
-
time: 20100317111526
dn: cn=inactivated,cn=account inactivation,cn=accounts,dc=domain,dc=com
changetype: modify
delete: member
member: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
-
replace: modifiersname
modifiersname: uid=FreeipaAdminUser,cn=users,cn=accounts,dc=domain,dc=com
-
replace: modifytimestamp
modifytimestamp: 20100317151526Z
-
time: 20100317111526
dn: cn=activated,cn=account inactivation,cn=accounts,dc=domain,dc=com
changetype: modify
add: member
member: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
-
replace: modifiersname
modifiersname: uid=FreeipaAdminUser,cn=users,cn=accounts,dc=domain,dc=com
-
replace: modifytimestamp
modifytimestamp: 20100317151526Z
-
time: 20100317111527
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=ipa-memberof,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151502Z
-
time: 20100317111529
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=MemberOf Plugin,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151502Z
-
time: 20100317111530
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=ipa-memberof,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151502Z
-
time: 20100317111530
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=MemberOf Plugin,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151502Z
-
time: 20100317111640
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=ipa-memberof,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151615Z
-
time: 20100317111642
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=MemberOf Plugin,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151615Z
-
time: 20100317111642
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=ipa-memberof,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151615Z
-
time: 20100317111643
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=MemberOf Plugin,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151615Z
Am I missing something? What do I need to do to get the MemeberOf plugin
from stepping on our changes? We have FreeIPA 1.2.2 and 389-DS 1.2.5 on
FC11.
More information about the Freeipa-users
mailing list