Univention Bugzilla – Bug 45310
memberOf is not set for existing users on backup and slave systems
Last modified: 2020-07-13 11:14:25 CEST
I've installed the memberof overlay module on slave and backup systems. Afterwards, I installed it on my master and executed the script /usr/share/univention-ldap-overlay-memberof/univention-update-memberof. The memberOf attribut was set on master but not on backup and slave systems.
Created attachment 9163 [details] update-memberof The attached script can be used to set the memberOf attribute on backup and slave systems: /etc/init.d/univention-directory-listener stop ./update-memberof /etc/init.d/univention-directory-listener start
Seems that the trivial change (uniqueMember=$uniqueMember) in /usr/share/univention-ldap-overlay-memberof/univention-update-memberof is not replicated (replication.py). Therefor the memberOf overlay does not update memberof (the overlay updates memberof for every uniqueMember object for posixGroup's if uniqueMember has been changed (?)). So we have to run /usr/share/univention-ldap-overlay-memberof/univention-update-memberof on every existing dc OR modify posixGroup and posixAccount in univention-update-memberof on the master (1) modify /usr/share/univention-ldap-overlay-memberof/univention-update-memberof (2) edit http://sdb.univention.de/index.php?action=artikel&cat=11&id=85&artlang=de
With Bug #46066 git:f72c1ec03bdd40ba4acf2b74b4cee9e6b8db58f2 changed the script to use univention.uldap.getRootDnConnection() instead, which automatically uses cn=admin on Master and cn=update on Backups and Slaves. Therefore the script works on all roles with a local LDAP server. <https://help.univention.com/t/memberof-attribute-group-memberships-of-user-and-computer-objects/6439> already documents that the script needs to be called on all roles. The procedure is described incomplete in the UCS manual, which is tracked by Bug #45308. This is related to Bug #48545. *** This bug has been marked as a duplicate of bug 46066 ***
This is a duplicate → VERIFIED