Thank you Viktor , here are more details:
Thank you!!!
ldapsearch -D "cn=directory manager" -w xxxx-b "ou=Groups,ou=ds,dc=xxxxxxx '(memberOf=*)'
no entries been returned.dsconf -D "cn=Directory Manager" -W slapd-testldap backend index list userroot | grep member*
dn: cn=member,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: member
dn: cn=memberOf,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: memberOf
dn: cn=memberuid,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: memberuid
dn: cn=uniquemember,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: uniquemember
dn: cn=member,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: member
dn: cn=memberOf,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: memberOf
dn: cn=memberuid,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: memberuid
dn: cn=uniquemember,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: uniquemember
####### See the memberof difference in version 1.2 with version 3.1 for memberofgroupattr is this the case ?
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: betxnpostoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: member
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 3.1.3
nsslapd-pluginVendor: 389 Project
################
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: betxnpostoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: member
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 3.1.3
nsslapd-pluginVendor: 389 Project
################
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: betxnpostoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniquemember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.3.10.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: betxnpostoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniquemember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.3.10.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
And last question the memberof fixup scripts runs to fast /or not at all but no errors.
dsconf --verbose testldap plugin memberof fixup-statusTask: cn=memberOf_fixup_2026-02-06T11:19:50.854371,cn=memberOf task,cn=tasks,cn=config
INFO: --------------------------------------------------------------------------------
INFO: - Base DN: dc=xxxx
INFO: - Status: Memberof task finished (processed 45844 entries in 6 seconds)
INFO: - Started: Fri Feb 6 19:19:50 2026 (20260206191950Z)
INFO: - Ended: Fri Feb 6 19:19:57 2026 (20260206191957Z)
INFO: - Elapsed Time: 0:00:07
INFO: - Exit Code: 0
INFO: --------------------------------------------------------------------------------
INFO: - Base DN: dc=xxxx
INFO: - Status: Memberof task finished (processed 45844 entries in 6 seconds)
INFO: - Started: Fri Feb 6 19:19:50 2026 (20260206191950Z)
INFO: - Ended: Fri Feb 6 19:19:57 2026 (20260206191957Z)
INFO: - Elapsed Time: 0:00:07
INFO: - Exit Code: 0
Thank you!!!
From: Viktor Ashirov <vashirov@redhat.com>
Sent: Friday, February 6, 2026 3:21:43 AM
To: General discussion list for the 389 Directory server project.
Cc: Ghiurea, Isabella
Subject: [EXTERNAL\EXTERNE:] Re: [389-users] memberof entries not displayed in uid ( version 3.1)
Sent: Friday, February 6, 2026 3:21:43 AM
To: General discussion list for the 389 Directory server project.
Cc: Ghiurea, Isabella
Subject: [EXTERNAL\EXTERNE:] Re: [389-users] memberof entries not displayed in uid ( version 3.1)
***Attention*** This email originated from outside of the NRC. ***Attention*** Ce courriel provient de l'extérieur du CNRC.
Hi,
On Fri, Feb 6, 2026 at 4:33 AM Ghiurea, Isabella via 389-users <389-users@lists.fedoraproject.org> wrote:
Hi List,I 'm testing DS migration from 389-DS 1.2.3 to 389-DS 3.1 RH9 with memberof plugin been enable when checking for users the entries for memberof are missing. for each uid.Are any cfg params in dse.ldif which may stop from displaying the memberof entries ?See details :
# 8211065Users, ds, xxxxdn: uid=8211065,ou=Users,ou=ds,dc=xxxxxuserPassword:: e1NTSEF9K25kcXZ= Missing memberOf entriesIn old 389-DS version 1.2.3 I have for same uid
dn: uid=8211065ou=Users,ou=ds,dc=xxxx****memberOf: cn=xxxx,ou=Groups,ou=ds,dc=xxxxxxx >>> mssing for each uid in 389-DS version 3.1****memberOf: cn=xxxx-users,ou=Groups,ou=ds,dc=cxxxx >>>same#######################################DS version 3.1 errorlog
dsconf slapd-testldap plugin memberof fixup "dc=xxx,dc=xxx"dsconf slapd-testldap plugin memberof fixup-status
INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task starts (filter: "(|(objectclass=inetuser)(objectclass=inetadmin)(objectclass=nsmemberof))") ...[05/Feb/2026:18:44:51.265924012 -0800] - INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task finished (processed 45844 entries in 5 seconds)
######################################################dsconf slapd-testldap plugin memberof show
dn: cn=MemberOf Plugin,cn=plugins,cn=configcn: MemberOf Pluginmemberofattr: memberOfmemberofgroupattr: member
What does your group entry look like? Do you have objectclass that supports the `member` attribute?
Thanks.
--nsslapd-plugin-depends-on-type: databasensslapd-pluginDescription: memberof pluginnsslapd-pluginEnabled: onnsslapd-pluginId: memberofnsslapd-pluginInitfunc: memberof_postop_initnsslapd-pluginPath: libmemberof-pluginnsslapd-pluginType: betxnpostoperationnsslapd-pluginVendor: 389 Projectnsslapd-pluginVersion: 3.1.3objectClass: topobjectClass: nsSlapdPluginobjectClass: extensibleObject
Thank youIsabella
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
Viktor
No comments:
Post a Comment