Automember lists memberof as a possible trigger attribute. However, automember rules for memberof do not trigger.
memberof
ruletest
ruletrigger
memberof=.*ruletrigger.*
User is not added to group ruletest. A manual automembership rebuild adds the user to ruletest.
User gets added to ruletest immediately.
freeipa-server-4.8.9-2.fc32.x86_64
freeipa-client-4.8.9-2.fc32.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.3.12-1.fc32.x86_64
pki-ca-10.9.4-1.fc32.noarch
krb5-server-1.18.2-22.fc32.x86_64
Both the auto membership plugin and the memberof plugin are betxnpostoperation plugins with the default plugin precedence of 50. After I added nsslapd-pluginprecedence=60 to cn=Auto Membership Plugin,cn=plugins,cn=config, auto membership worked as expected.
The issue is relevant for the new Fedora Account System.
After I have added and removed nsslapd-pluginprecedence, I can no longer reproduce the bug for adding group membership. Instead, auto-removal of group membership is broken.