Bug 804153

Summary: memberOf attribute and plugin behaviour between sub-suffixes
Product: [Fedora] Fedora Reporter: Fabien Covez <fabien.covez>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: rawhideCC: edewata, liocourt, nhosoi, nkinder, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.11.1-1.fc17 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-04 23:35:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fabien Covez 2012-03-16 16:57:20 UTC 
Description of problem:
It seems that the memberOf attribute handling by the memberOf plugin limited to objects inside the same subsuffix.
If my group suffix is based on a different database from my user suffix, then the memberof plugin does not update the memberof attribute.
The plugin works only if users and groups are locatred in the same suffix.


Version-Release number of selected component (if applicable):
v. 1.2.10.4

How reproducible:
see description

Steps to Reproduce:
1.
2.
3.
  
Actual results:
Unable to use this plugin because memberof does not work properly.

Expected results:
Add the correct attribute to the user entry

Additional info:
Comment 1 Nathan Kinder 2012-03-16 17:11:05 UTC 
The memberOf plug-in does not work across multiple backend databases by design.  There are concerns of things getting out of sync if one backend is taken offline or put in a read-only state, as memberOf wouldn't be able to preform updates properly in that case.

It is possible that code changes could be made to allow memberOf to perform updates across backend databases, but there are chances for membership inconsistencies to arise.
Comment 2 Fabien Covez 2012-03-20 22:28:00 UTC 
The first need is that it works in the standard case. No matter  if it does not work in particular cases (offline backend, read only...).
Comment 3 Nathan Kinder 2012-03-21 15:08:02 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/326
Comment 8 Nathan Kinder 2013-03-04 23:35:47 UTC 
This was fixed in 389-ds-base-1.2.11.1-1.fc17.  Closing.