#8527 Automember rule for memberof is not triggering
Opened 2 years ago by cheimes. Modified 2 years ago

Issue

Automember lists memberof as possible trigger attribute. However automember rules for memberof do not trigger.

Steps to Reproduce

  1. add two groups: ruletest, ruletrigger
  2. add an automember user group rule for ruletest that triggers on memberof=.*ruletrigger.*
  3. add user to ruletrigger

Actual behavior

User is not added to group ruletest. A manual automembership rebuild adds the user to ruletest.

Expected behavior

User gets added to ruletest immediately.

Version/Release/Distribution

freeipa-server-4.8.9-2.fc32.x86_64
freeipa-client-4.8.9-2.fc32.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.3.12-1.fc32.x86_64
pki-ca-10.9.4-1.fc32.noarch
krb5-server-1.18.2-22.fc32.x86_64

Additional info:

Both auto membership plugin and memberof plugin are betxnpostoperation plugins with default plugin precedence of 50. After I added nsslapd-pluginprecedence=60 to cn=Auto Membership Plugin,cn=plugins,cn=config auto membership worked as expected.

The issue is relevant for new Fedora Account System.


After I have added and removed nsslapd-pluginprecedence I can no longer reproduce the bug for adding group membership. Instead auto-removal of group membership is broken.

Login to comment on this ticket.

Metadata