[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fix problems in back-ldap group.c (ITS#1137)

To: openldap-its@OpenLDAP.org
Subject: Fix problems in back-ldap group.c (ITS#1137)
From: ando@sys-net.it
Date: Mon, 7 May 2001 08:41:02 GMT

Full_Name: Pierangelo Masarati
Version: HEAD
OS: RH 6.2
URL: ftp://ftp.openldap.org/incoming/pierangelo-masarati-back-ldap-group.patch
Submission from: (NULL) (131.175.154.56)


There are four problems in group.c for back-ldap that are (possibly) fixed by
this patch.

The first two are a simple typos (or are possibly due to API changes?):
1) the function "is_entry_objectclass" needs be tested for NEGATIVE result: 

	if( !is_entry_objectclass( e, group_oc ) ) {

2) the function "value_find" returns LDAP_SUCCESS or failure, so:

	if( value_find( group_at, attr->a_vals, &bv ) != LDAP_SUCCESS  )

The last two are directly related and are more subtle:

3) since back-ldap retrieves the PORTION of an entry that the user requires
(e.g. only the list of attributes passed to ldap_search_*), there need
be a check for the PRESENCE of the "objectClass" attribute BEFORE the
presence of the "group" objectClass value is tested; in case it is not present,

this is nota schema failure; on the contrary, the search must be repeated with
the correct objectClass in the filter.

4) for the same reason, if the "member" attribute is not present, we
CANNOT ASSUME there is no member at all. So the search must be repeated 
also in this case.

Pierangelo Masarati.

Prev by Date: ITS#1123 (compile on OSX)
Next by Date: cpu stall on concurrent accessess (ITS#1138)
Index(es):
- Chronological
- Thread