RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:
MemberOf plugin in 389-ds-base appears to ignore memberHost and memberUser.
This is a critical problem for idM / IPA.  This makes the Production Red Hat idM non-functional for use with Sudo.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.10.2-20.el6_3.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Fully Install Red Hat idM (yum install ipa-server && ipa-server-install ...)
2. Create hostgroup (ipa hostgroup-add hostgroup_name)
3. Verify that hostgroup automatically spawned a netgroup (ldapsearch -x -D "cn=Directory Manager" -H ldap://ipa.expample.com -b cn=hostgroup_name,cn=ng,cn=alt,cn=accounts,dc=example,dc=com  -W)
4. Verify that the hostgroup is a memberHost entry within the Netgroup
5. Verify that the host object only contains a memberOf for the hostgroup, but is missing a memberOf for the netgroup.
6. Manually add the host as a 'member' of the netgroup
7. Verify that the memberOf entry is now present in the host object
  
Actual results:
memberOf attribute is missing from host object

Expected results:
memberOf attribute points to group objects which have a memberHost attribute for the host.

Additional info:

Further Details:  The issue appears to have presented itself with all 'replica' servers, and the issue was _not_ able to be reproduced successfully with fresh new RHEL6.3 idM installs.

Issue came clean while testing.  Performed a reinitialize on one of the affected mastered and the memberof data cleared up.  Verified all other RHEL6.3 replica peers also reflected clean memberof data.

Perhaps the issue stemmed from some form of corruption in the replication that was effecting how memberof was trying to process the affected entries.

Will keep a close eye out if the problem returns.  At this point I can no longer replicate the issue.
Canceling ticket.

Thank JR, we will keep an eye too. Closing for now. Do not hesitate to reopen if you see it again.