Hi,

On Fri, Nov 4, 2011 at 18:13, Rob Crittenden <[email protected]> wrote:
> Dan Scott wrote:
>>
>> Hi,
>>
>> On Fri, Nov 4, 2011 at 17:38, Stephen Ingram<[email protected]> wrote:
>>>
>>> On Fri, Nov 4, 2011 at 2:12 PM, Dan Scott<[email protected]>
>>> wrote:
>>>>
>>>> ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
>>>>
>>>> "(&(mail=${email_address})(memberOf=cn=usergroup,cn=groups,dc=example,dc=com"
>>>> -x
>>>>
>>>> In version 2, it looks like the memberOf attributes have been removed
>>>> from the user entries and the user group membership information is
>>>> stored only in the 'member' attribute of the individual group entries.
>>>>
>>>> Can someone help me modify the above command so that I can find users,
>>>> using their email address, who are also members of a particular group?
>>>> Preferably using one command.
>>>
>>> Dan-
>>>
>>> It looks like you are missing the cn=accounts in your filter:
>>>
>>> ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
>>>
>>> "(&mail=${email_address})(memberOf=cn=usergroup,cn=groups,cn=accounts,dc=example,dc=com)"
>>> -x ...
>>
>> Thanks for spotting that, it was an error from when I was removing my
>> domain information.
>>
>> However, the problem remains that the memberOf attributes don't exist
>> in FreeIPA V2, so I need to figure out another way to do the search.
>>
>> Thanks,
>>
>> Dan
>
> memberof should exist. memberof should be calculated on the fly from the
> member information. I'm not sure why you aren't seeing it.
>
> You can try this, substituting for your domain:
>
> # /var/lib/dirsrv/scripts-EXAMPLE-COM/fixup-memberof.pl -D 'cn=directory
> manager' -w - -b dc=example,dc=com -f "(objectclass=*)" -v
>
> This should rebuild the memberof values.

Thanks for the tip, but it doesn't seem to be working. I run the
command and get a response. It says:

adding new entry "cn=memberOf_fixup_2011_11_4_18_46_11, cn=memberOf task, cn=tasks, cn=config"
modify complete

But the memberOf attributes don't appear (on either server - I have 2
servers replicating).

There are a couple of suspicious errors in the dirsrv log file:

[04/Nov/2011:18:30:53 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat, dc=example,dc=com
[04/Nov/2011:18:30:53 -0400] schema-compat-plugin - warning: no entries set up under ou=SUDOers, dc=example,dc=com
[04/Nov/2011:18:30:53 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition.
[04/Nov/2011:18:30:53 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition.

The other server contains similar lines and also shows some errors
when I rebooted the first server. But eventually it shows:

Replication bind with GSSAPI auth resumed

So I guess it's all OK?

Thanks,

Dan

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
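
Added example, not part of the thread or of FreeIPA: the searches quoted above paste `${email_address}` straight into the filter string, so this sketch builds the same mail-and-memberOf filter with every parenthesis closed and the substituted value escaped per RFC 4515. The function names and sample addresses are constructed for illustration, the DNs are the redacted ones from the thread, it assumes memberOf is populated on user entries, and it only prints the `ldapsearch` command instead of contacting a server.

```shell
#!/bin/sh
# Added example: safe construction of the thread's "mail AND memberOf" filter.
# BASE and GROUP_DN are the redacted example values used in the thread.
BASE='cn=users,cn=accounts,dc=example,dc=com'
GROUP_DN='cn=usergroup,cn=groups,cn=accounts,dc=example,dc=com'

# Escape a string for use as an RFC 4515 assertion value.
# The backslash is rewritten first so the later escapes are not re-escaped.
# (hypothetical helper name)
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Compose (&(mail=<value>)(memberOf=<group DN>)) with all parentheses closed.
build_filter() {
    printf '(&(mail=%s)(memberOf=%s))' \
        "$(ldap_escape "$1")" "$(ldap_escape "$2")"
}

# Opening minus closing parentheses in a filter string; 0 means balanced.
# Escaped values contain no literal parentheses, so a plain count is enough.
paren_balance() {
    opens=$(printf '%s' "$1" | tr -cd '(' | wc -c)
    closes=$(printf '%s' "$1" | tr -cd ')' | wc -c)
    echo $((opens - closes))
}

# Constructed inputs: an ordinary address and one with filter metacharacters.
for addr in 'dan@example.com' 'a*(b)\c@example.com'; do
    f=$(build_filter "$addr" "$GROUP_DN")
    printf "ldapsearch -x -b %s '%s'   # balance=%s\n" \
        "$BASE" "$f" "$(paren_balance "$f")"
done
```

A non-zero result from `paren_balance` on a hand-written filter points to a missing or extra parenthesis before the query is sent to the directory server.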
