Hi,
Memberof plugin is using deferred memberof update. AFAIK this is not configured/supported by IPA, however it should work. This tuning should not be related to your original question.
I guess the updates (68edda59000000030000 or 68edda59000100030000) are triggered by the replication of referential integrity update on RID=0x0003. But I do no understand why memberof plugin updates the 'member' attribute, this is not its role. Let's wait for others opinions and if there is no explanation I think it worth to open a ticket with a clear reproducer testcase.
best regards thierry
On 10/16/25 7:01 AM, vectinx via 389-users wrote:
Yes, the MemberOf configuration is used by default from the IPA. There are no standalone directory servers. Here is the MemberOf plugin configuration: dn: cn=MemberOf Plugin,cn=plugins,cn=config cn: MemberOf Plugin memberofattr: memberOf memberofdeferredupdate: on memberofentryscope: dc=test,dc=loc memberofentryscopeexcludesubtree: cn=compat,dc=test,dc=loc memberofentryscopeexcludesubtree: cn=provisioning,dc=test,dc=loc memberofentryscopeexcludesubtree: cn=topology,cn=ipa,cn=etc,dc=test,dc=loc memberofgroupattr: member memberofgroupattr: memberUser memberofgroupattr: memberHost memberofgroupattr: ipaOwner memberofneedfixup: true nsslapd-plugin-depends-on-type: database nsslapd-pluginDescription: memberof plugin nsslapd-pluginEnabled: on nsslapd-pluginId: memberof nsslapd-pluginInitfunc: memberof_postop_init nsslapd-pluginPath: libmemberof-plugin nsslapd-pluginType: betxnpostoperation nsslapd-pluginVendor: 389 Project nsslapd-pluginVersion: 2.6.1 objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject
No comments:
Post a Comment