[Freeipa-users] MemberOf plugin keeps disabling account
James Roman
james.roman at ssaihq.com
Wed Mar 17 20:00:02 UTC 2010
> The memberof plugin does not change group memberships it only updates
> the memberof attribute to keep it in sync with the member ones.
>
> Simo.
>
>
I made a mistake interpreting the audit log initially. I realized after
I created the subject that the MemberOf changes reflect the changes
being made in the background to the individual record to populate the
memberOf attributes for the change I initiated. Since the audit records
don't actually say what the MemberOf plugins are changing in the record
(they only report updating the modifiersname), I thought it was actually
what was changing the group membership back.
Something else was changing the group membership back (or rolling back
the initial change), but it is not being recorded in the audit logs.
I still can't get my head around why the audit log reports both plugins
making changes to the record, even though the 389 MemberOf plugin is
disabled.
time: 20100317111527
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=ipa-memberof,cn=plugins,cn=config
-
replace: modifyTimestamp
modifyTimestamp: 20100317151502Z
-
time: 20100317111529
dn: uid=afflicted.user,cn=users,cn=accounts,dc=domain,dc=com
changetype: modify
replace: modifiersName
modifiersName: cn=MemberOf Plugin,cn=plugins,cn=config
More information about the Freeipa-users
mailing list