HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

/opt/dirsrv/slapd-instance_name/restart-slapd
5.4.4.3 Synchronizing memberOf values
The MemberOf Plug-in automatically manages the memberOf attribute on group member entries,
based on the configuration in the group entry itself. However, the memberOf attribute can be
edited on a user entry directly (which is improper) or new entries can be imported or replicated
over to the server that have a memberOf attribute already set. These situations create inconsistencies
between the memberOf configuration managed by the server plug-in and the actual memberships
defined for an entry.
Directory Server has a memberOf repair task that manually runs the plug-in to make sure the
appropriate memberOf attributes are set on entries. There are three ways to trigger this task:
• In the Directory Server Console
• Using the fixup-memberof.pl script
• Running a cn=memberof task, cn=tasks, cn=config tasks entry
NOTE:
The memberOf regeneration tasks are run locally, even if the entries themselves are replicated.
This means that the memberOf attributes for the entries on other servers are not updated until the
updated entry is replicated.
5.4.4.3.1 Initializing and regenerating memberOf attributes using fixup-memberof.pl
The fixup-memberof.pl script launches a special task to regenerate all the memberOf attributes
on user entries based on the member attributes in the group entries. This is a clean-up task that
synchronizes the membership defined in group entries and the corresponding user entries and
overwrites any accidental or improper edits on the user entries.
1. Run the script, binding as the Directory Manager.
   /opt/dirsrv/slapd-instance_name/fixup-memberof.pl \
       -D "cn=Directory Manager" -w password
The fixup-memberof.pl script is described in more detail in the HP-UX Directory Server configuration,
command, and file reference.
5.4.4.3.2 Initializing and regenerating memberOf Attributes using ldapmodify
Regenerating memberOf attributes is one of the tasks that can be managed through a special task
configuration entry. Task entries occur under the cn=tasks configuration entry in the dse.ldif
file, so it is also possible to initiate a task by adding the entry using ldapmodify. As soon as the
task is complete, the entry is removed from the directory.
The fixup-memberof.pl script creates a special task entry in a Directory Server instance that
regenerates the memberOf attributes.
To initiate a memberOf fixup task, add an entry under the cn=memberof task, cn=tasks,
cn=config entry. The only required attribute is the cn for the specific task.
ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=example memberof,cn=memberof task, cn=tasks, cn=config
cn: example memberof
As soon as the task is completed, the entry is deleted from the dse.ldif configuration, so it is
possible to reuse the same task entry continually.
The cn=memberof task configuration is described in more detail in the HP-UX Directory Server
configuration, command, and file reference.
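The inconsistencies described in 5.4.4.3 can be listed before a fixup task overwrites them. The following Python code is an added example, not part of the HP guide or the product: it compares memberOf values on entries against the member lists of group entries in an LDIF export and reports stray and missing values. The sample LDIF and all function names are constructed for illustration, and the code assumes direct membership through the member attribute only, plain (not base64) values, and simplified DN matching.

```python
from collections import defaultdict

# Constructed sample export; bob's memberOf for admins was edited directly.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=com
member: uid=alice,ou=people,dc=example,dc=com

dn: cn=staff,ou=groups,dc=example,dc=com
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,dc=example,dc=com

dn: uid=alice,ou=people,dc=example,dc=com
memberOf: cn=admins,ou=groups,dc=example,dc=com

dn: uid=bob,ou=people,dc=example,dc=com
memberOf: cn=staff, ou=groups, dc=example, dc=com
memberOf: cn=admins,ou=groups,dc=example,dc=com
"""

def norm(dn):
    # Simplified DN comparison key (assumption): lower-case, no spaces around commas.
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse(ldif):
    """Yield (dn, attrs) per LDIF record; unfolds continuation lines."""
    for record in ldif.replace("\n ", "").strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in record.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs[name.lower()].append(value.strip())
        if attrs["dn"]:
            yield norm(attrs["dn"][0]), attrs

def audit(ldif):
    """Map entry DN -> (stray, missing) memberOf values versus group member lists."""
    expected, actual = defaultdict(set), defaultdict(set)
    for dn, attrs in parse(ldif):
        for member in attrs["member"]:
            expected[norm(member)].add(dn)
        actual[dn].update(norm(g) for g in attrs["memberof"])
    report = {}
    for user in set(expected) | set(actual):
        stray, missing = actual[user] - expected[user], expected[user] - actual[user]
        if stray or missing:
            report[user] = (sorted(stray), sorted(missing))
    return report

if __name__ == "__main__":
    for user, (stray, missing) in sorted(audit(SAMPLE_LDIF).items()):
        print(user, "stray:", stray, "missing:", missing)
```

A stray value is a memberOf that no group entry backs, which is the kind of direct edit or imported value the repair task overwrites; a missing value is a membership the group defines but the entry does not show.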