Bug 862771 - MemberOf plugin in 389-ds-base appears to ignore memberHost and memberUser.
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Hardware: x86_64 Linux
Priority: unspecified, Severity: urgent
Assigned To: Rich Megginson
Reported: 2012-10-03 09:57 EDT by Jr Aquino
Modified: 2012-10-03 23:27 EDT (History)
Doc Type: Bug Fix
Last Closed: 2012-10-03 23:27:19 EDT
Type: Bug
Description Jr Aquino 2012-10-03 09:57:13 EDT
Description of problem:
MemberOf plugin in 389-ds-base appears to ignore memberHost and memberUser.
This is a critical problem for idM / IPA.  This makes the Production Red Hat idM non-functional for use with Sudo.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Fully Install Red Hat idM (yum install ipa-server && ipa-server-install ...)
2. Create hostgroup (ipa hostgroup-add hostgroup_name)
3. Verify that hostgroup automatically spawned a netgroup (ldapsearch -x -D "cn=Directory Manager" -H ldap://ipa.example.com -b cn=hostgroup_name,cn=ng,cn=alt,cn=accounts,dc=example,dc=com -W)
4. Verify that the hostgroup is a memberHost entry within the Netgroup
5. Verify that the host object only contains a memberOf for the hostgroup, but is missing a memberOf for the netgroup.
6. Manually add the host as a 'member' of the netgroup
7. Verify that the memberOf entry is now present in the host object
Actual results:
memberOf attribute is missing from host object

Expected results:
memberOf attribute points to group objects which have a memberHost attribute for the host.

Additional info:
Comment 2 Jr Aquino 2012-10-03 20:51:43 EDT
Further Details:  The issue appears to have presented itself with all 'replica' servers, and the issue was _not_ able to be reproduced successfully with fresh new RHEL6.3 idM installs.

Issue came clean while testing.  Performed a reinitialize on one of the affected masters and the memberof data cleared up.  Verified all other RHEL6.3 replica peers also reflected clean memberof data.

Perhaps the issue stemmed from some form of corruption in the replication that was affecting how memberof was trying to process the affected entries.

Will keep a close eye out if the problem returns.  At this point I can no longer replicate the issue.
Canceling ticket.
Comment 3 Dmitri Pal 2012-10-03 23:27:19 EDT
Thanks JR, we will keep an eye too. Closing for now. Do not hesitate to reopen if you see it again.
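
The check behind steps 4 and 5 and the expected results in the description, as an added example that is not part of the bug report or of 389-ds-base: it parses LDIF such as ldapsearch returns and reports every entry whose memberOf lacks a group that reaches it through member, memberHost or memberUser, nested groups included. The host and hostgroup DNs and the function names are assumptions, and the sample entries are constructed.

```python
from collections import defaultdict

GROUP_ATTRS = ("member", "memberhost", "memberuser")  # grouping attributes, lower-cased
# Constructed sample; only the netgroup DN is taken from step 3 of the report.
SAMPLE_LDIF = """\
dn: fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com
memberOf: cn=hostgroup_name,cn=hostgroups,cn=accounts,dc=example,dc=com

dn: cn=hostgroup_name,cn=hostgroups,cn=accounts,dc=example,dc=com
member: fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com
memberOf: cn=hostgroup_name,cn=ng,cn=alt,cn=accounts,dc=example,dc=com

dn: cn=hostgroup_name,cn=ng,cn=alt,cn=accounts,dc=example,dc=com
memberHost: cn=hostgroup_name,cn=hostgroups,cn=accounts,dc=example,dc=com
"""

def norm_dn(dn):
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {dn: {attr: values}} from plain LDIF (no base64, folding or escaped commas)."""
    entries = {}
    for record in text.strip().split("\n\n"):
        attrs = defaultdict(set)
        for line in record.splitlines():
            name, _, value = line.partition(": ")
            attrs[name.lower()].add(norm_dn(value))
        for dn in attrs.pop("dn", ()):
            entries[dn] = attrs
    return entries

def missing_memberof(entries):
    """Map each entry DN to the group DNs its memberOf should list but does not."""
    parents = defaultdict(set)  # member DN -> groups that reference it directly
    for dn, attrs in entries.items():
        for member in set().union(*(attrs.get(a, ()) for a in GROUP_ATTRS)):
            parents[member].add(dn)
    report = {}
    for dn, attrs in entries.items():
        expected, stack = set(), list(parents.get(dn, ()))
        while stack:  # walk up nested groups; 'expected' also guards against cycles
            group = stack.pop()
            if group not in expected:
                expected.add(group)
                stack.extend(parents.get(group, ()))
        gap = expected - attrs.get("memberof", set())
        if gap:
            report[dn] = sorted(gap)
    return report
```

Run against a search of the accounts subtree on each replica, a non-empty report on one server and an empty one on its peers points at the replica-local inconsistency described in comment 2.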
