[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
memberOf and glued databases
Hi,
short question first:
Is overlay memberOf supposed to work with glued databases in any direction?
I tried with 2.4.28 and get the following results:
slapd.conf with two databases
1. step
-------
This is simple. MemberOf overlay only in one database
ou=groups,ou=foo,ou=bar (subordinated).
database hbd
suffix ou=groups,ou=foo,ou=bar
subordinate
...
overlay memberof
memberof-group-ac groupOfNames
memberof-member-ad member
memberof-memberof-ad memberof
database bdb
suffix ou=bar
...
- created one inetOrgPerson object
employeenumber=11,ou=groups,ou=foo,ou=bar
- created one group
ou=2,ou=groups,ou=foo,ou=bar
with
member: employeenumber=11,ou=groups,ou=foo,ou=bar
=> memberOf in employeenumber=11,ou=groups,ou=foo,ou=bar is set and
unset just fine.
=> no modifications in superior database ou=bar
2. step
-------
overlay loaded in both databases
database hbd
suffix ou=groups,ou=foo,ou=bar
subordinate
...
overlay memberof
memberof-group-ac groupOfNames
memberof-member-ad member
memberof-memberof-ad memberof
database bdb
suffix ou=bar
...
overlay memberof
memberof-group-ac groupOfNames
memberof-member-ad member
memberof-memberof-ad memberof
=> modification in the subordinated database work in 1. step.
- created one inetOrgPerson object
employeenumber=1,ou=bar
- created one group
ou=1,ou=bar
with
member: employeenumber=1,ou=bar
=> memberOf in employeenumber=1,ou=bar is set and unset just fine.
memberOf is working in the superior database.
- setting group ou=1,ou=bar
member: employeenumber=11,ou=groups,ou=foo,ou=bar
=> memberOf in employeenumber=11,ou=groups,ou=foo,ou=bar is set and
unset just fine.
Changes in groups of superior databases work in subordinate
databases!
- setting group ou=2,ou=groups,ou=foo,ou=bar
member: employeenumber=1,ou=bar
=> does _not_ work:
memberof_value_modify DN="employeenumber=1,ou=bar" add memberOf
="ou=2,ou=groups,ou=foo,ou=bar" failed err=32
Changes in groups of subordinated databases do not work in the
superior database!
3. step
-------
setting "overlay glue" explicitly and removing overlay memberof from the
subordinate database:
database hbd
suffix ou=groups,ou=foo,ou=bar
subordinate
...
database bdb
suffix ou=bar
...
overlay memberof
memberof-group-ac groupOfNames
memberof-member-ad member
memberof-memberof-ad memberof
overlay glue
=> changes in the subordinated database are _not_ managed by the
overlay.
=> changes in groups of superior databases work in subordinate
databases and in the superior database!
3. step II
----------
if glue is located in slapd.conf before memberof (which is IMHO wrong)
and MOD on member in a group in the subordinated database is send, slapd
segfaults!
4. step
-------
setting "overlay glue" explicitly and overlay memberof in both databases:
database hbd
suffix ou=groups,ou=foo,ou=bar
subordinate
...
overlay memberof
memberof-group-ac groupOfNames
memberof-member-ad member
memberof-memberof-ad memberof
database bdb
suffix ou=bar
...
overlay memberof
memberof-group-ac groupOfNames
memberof-member-ad member
memberof-memberof-ad memberof
overlay glue
=> like 2. step
So the best I get is
- memberOf works in the database, where it is set
- memberOf works for group changes in superior database on members in
subordinated databases
- memberOf does not work for group changes in subordinated databases to
members in superior databases.
Is this the way it is supposed to work?
What I really wanted to achieve is to get memerOf to work between
database (under glue) of the same level. (Like ou=1,ou=foo and
ou=2,ou=foo both subordinated of ou=foo.) But while my testings above
did not succeed, it did not tried.
Marc