[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issue with dynlist overlay



Sent: Tue Jul 31 2012 02:55:05 GMT-0400 (EDT)
From: Dieter KlÃnter <dieter@dkluenter.de>
To: openldap-technical@openldap.org
Subject: Re: Issue with dynlist overlay
Am Mon, 30 Jul 2012 12:52:22 -0400
schrieb Patrick Hemmer<openldap@stormcloud9.net>:

So I just ran across an undocumented issue with slapo-dynlist. I'm
not sure if this is a bug, or just missing in the documentation.

The issue is that if the entry being dynamically added to the parent
entry has the objectClass slapo-dynlist is configured to use, that
entry is not dynamically added to the parent.
For example:
----
olcOverlay=dynlist,olcdatabase=hdb,cn=config
objectClass: olcDynamicList
objectClass: olcOverlayConfig
olcDlAttrSet: groupOfURLs memberUrl
----
dn: cn=parent,dc=example,dc=com
objectClass: groupOfNames
objectClass: groupOfURLs
member: uid=foo,dc=example,dc=com
memberUrl: ldap:///cn=child,dc=example,dc=com

dn: cn=child,dc=example,dc=com
objectClass: groupOfNames
objectClass: groupOfURLs
member: uid=bar,dc=example,dc=com
---

In the above example, I would "member: uid=bar,dc=example,dc=com" to
be added to cn=parent,dc=example,dc=com, but it isn't.

Now the documentation clearly states recursion is not allowed, so if
cn=child were to have a 'memberUrl', this memberUrl would not be
expanded. But this is not what is being done here, cn=child has no
memberUrl present. It also behaves perfectly fine if I pull the
"objetClass: groupOfURLs" off cn=child.

So is this supposed to behave this way? If so can the documentation
be updated to indicate this restriction?
If not I'd be happy to open an ITS on the issue.
The memberURL attribute value is not complete, see rfc 4516. It should
be something like
memberURL:ldap:///cn=child,dc=example,dc=com?<attributetype>?<scope>?<filter>


-Dieter


I've tried that too, it doesn't matter.

> It also behaves perfectly fine if I pull the "objetClass: groupOfURLs" off cn=child.