HP-UX Directory Server 8.1 administrator guide
/opt/dirsrv/slapd-instance_name/restart-slapd
5.4.4.3 Synchronizing memberOf values
The MemberOf Plug-in automatically manages the memberOf attribute on group member entries,
based on the configuration in the group entry itself. However, the memberOf attribute can be
edited on a user entry directly (which is improper) or new entries can be imported or replicated
over to the server that have a memberOf attribute already set. These situations create
inconsistencies between the memberOf configuration managed by the server plug-in and the
actual memberships defined for an entry.
Directory Server has a memberOf repair task that manually runs the plug-in to make sure the
appropriate memberOf attributes are set on entries. There are three ways to trigger this task:
• In the Directory Server Console
• Using the fixup-memberof.pl script
• Adding a task entry under cn=memberof task, cn=tasks, cn=config
NOTE:
The memberOf regeneration tasks are run locally, even if the entries themselves are replicated.
This means that the memberOf attributes for the entries on other servers are not updated until
the updated entry is replicated.
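To see which entries the repair task would touch, the expected memberOf values can be recomputed offline from an LDIF export and compared with the stored ones. The following Python code is an added example, not part of this guide or of Directory Server; it assumes direct (non-nested) membership through the member attribute, a simplified DN comparison, and a constructed sample export.

```python
from collections import defaultdict
# Constructed sample export (not from the guide): bob has an extra memberOf, carol lacks one.
SAMPLE_LDIF = """\
dn: cn=admins,ou=Groups,dc=example,dc=com
member: uid=alice,ou=People,dc=example,dc=com

dn: cn=staff,ou=Groups,dc=example,dc=com
member: uid=bob,ou=People,dc=example,dc=com
member: uid=carol,ou=People,dc=example,dc=com

dn: uid=alice,ou=People,dc=example,dc=com
memberOf: cn=admins,ou=Groups,dc=example,dc=com

dn: uid=bob,ou=People,dc=example,dc=com
memberOf: cn=staff, ou=Groups, dc=example, dc=com
memberOf: cn=admins,ou=Groups,
 dc=example,dc=com

dn: uid=carol,ou=People,dc=example,dc=com
"""

def norm(dn):
    # Simplified DN comparison (assumption): ignore case and spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse(ldif):
    """Yield (normalized dn, attrs) per entry; comments and base64 (::) values are skipped."""
    for block in ldif.replace("\n ", "").split("\n\n"):  # unfold lines, split entries
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#") and not value.startswith(":"):
                attrs[name.lower()].append(value.strip())
        if attrs["dn"]:
            yield norm(attrs["dn"][0]), attrs

def memberof_drift(ldif):
    """Return {dn: (missing, extra)} where memberOf disagrees with group member lists."""
    entries = dict(parse(ldif))
    expected = defaultdict(set)  # member dn -> groups that list it directly
    for group_dn, attrs in entries.items():
        for member in attrs["member"]:
            expected[norm(member)].add(group_dn)
    actual = {dn: {norm(g) for g in a["memberof"]} for dn, a in entries.items()}
    return {dn: (sorted(expected[dn] - got), sorted(got - expected[dn]))
            for dn, got in actual.items() if got != expected[dn]}

if __name__ == "__main__":
    print(memberof_drift(SAMPLE_LDIF))
```

Because the repair task runs locally, run the comparison against an export taken from each server. An "extra" value, a memberOf that no group entry backs, is the result to review first where applications make access decisions from memberOf.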
5.4.4.3.1 Initializing and regenerating memberOf attributes using fixup-memberof.pl
The fixup-memberof.pl script launches a special task to regenerate all the memberOf attributes
on user entries based on the member attributes in the group entries. This is a clean-up task that
synchronizes the membership defined in group entries and the corresponding user entries and
overwrites any accidental or improper edits on the user entries.
1. Run the script, binding as the Directory Manager.
/opt/dirsrv/slapd-instance_name/fixup-memberof.pl \
-D "cn=Directory Manager" -w password
The fixup-memberof.pl script is described in more detail in the HP-UX Directory Server configuration,
command, and file reference.
5.4.4.3.2 Initializing and regenerating memberOf attributes using ldapmodify
Regenerating memberOf attributes is one of the tasks that can be managed through a special
task configuration entry. Task entries occur under the cn=tasks configuration entry in the
dse.ldif file, so it is also possible to initiate a task by adding the entry using ldapmodify.
As soon as the task is complete, the entry is removed from the directory.
The fixup-memberof.pl script creates a special task entry in a Directory Server instance that
regenerates the memberOf attributes.
To initiate a memberOf fixup task, add an entry under the cn=memberof task, cn=tasks,
cn=config entry. The only required attribute is the cn for the specific task.
ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=example memberof,cn=memberof task, cn=tasks, cn=config
cn: example memberof
As soon as the task is completed, the entry is deleted from the dse.ldif configuration, so it is
possible to reuse the same task entry continually.
The cn=memberof task configuration is described in more detail in the HP-UX Directory Server
configuration, command, and file reference.