Hello,
I have the following scenario with multi master replication
389DS (389-Directory/1.3.2.13 B2014.066.1215) <-> AD (windows 2008R2)
I'm having the following problem using groups on 389:
What I DID Create a user test1
Added this user to group GROUP_TEST
When I delete this user from 389DS via console or via windows, 389 DS does not removes the group entry. On the windows side everything seems to be ok, the user was deleted from the group too.
So the user test1 does not exists anymore, but in the group (on 389DS), I still can see the entry:
uniqueMember: uid=test1,ou=GTI,dc=homolog,dc=rnp
after delete the user <img alt="after_deleteuser.png" src="/389-ds-base/issue/raw/files/f412060f0100b9cf5d45989886aa289e7ed1cc814e9c90e1244edba783f88bcf-after_deleteuser.png" />
before delete the user <img alt="before_deleteuser.png" src="/389-ds-base/issue/raw/files/efba254c023c39fa77c92c8a3f22d045ff74faefcb67acbbef97048a5fc33333-before_deleteuser.png" />
Please try enabling/configuring Referential Integrity to synchronize the group members and the member entry. 3.6. Maintaining Referential Integrity https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Creating_Directory_Entries-Maintaining_Referential_Integrity.html
nhosoi,
Thanks, that worked for me. Sorry to open the ticket but no one answered me on the list. One more question, why does it not come enabled by default?
You can close this ticket.
Thanks.
Alberto Viana
Thanks for the update, Alberto. Glad to hear it worked for you!
Replying to [comment:2 albertocrj]:
One more question, why does it not come enabled by default?
Probably, we could. We were conservative about the plug-in configuration.
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Creating_Directory_Entries-Maintaining_Referential_Integrity.html When enabling the plug-in on servers issuing chaining requests, be sure to analyze performance resource and time needs, as well as your integrity needs. Integrity checks can be time-consuming and draining on memory and CPU.
Metadata Update from @albertocrj: - Issue set to the milestone: N/A
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1073
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.