[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6670) memberof overlay problem

To: openldap-its@OpenLDAP.org
Subject: (ITS#6670) memberof overlay problem
From: henjes@informatik.uni-wuerzburg.de
Date: Tue, 12 Oct 2010 09:38:07 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Robert Henjes
Version: 2.4.23-4
OS: Debian Squeeze
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (132.187.12.89)


Hi,

while using memberof overlay I recognized the following problem in conjunction
with groupOfNames. If you try to add an empty group of names you have to set at
least one member attribute, since it is mandatory. One could have the idea to
point to the group dn itself. If having the memberof overlay active this leads
to a loop while executing an ldapadd. I assume this happens while the memberof
overlay is triggered. Tried to analyze the slapd debug output, but it stops,
after the addition is completed.

Example LDIF file:
dn: cn=stupid,ou=groups,dc=domain
objectClass: top
objectClass: groupOfNames
cn: stupid
member: cn=stupid,ou=groups,dc=domain

The slapd server seems proceed working, except the add process and the subtree
where the LDIF is gets added. You can not stop the slapd server in a normal way,
you just have to do a "kill -9". After that the LDIF file seems to be added, but
I assume, that the memberof overlay representation is inconsistent.

The memberof overlay should be aware of such situations, even if building loops
in dn references is in general not a good idea.

Best regards,
Robert

Prev by Date: Re: (ITS#5693) [enhancement] extension of slapo-translucent filtering approach
Next by Date: (ITS#6671) multi-master replication fails to delete objects from consumer
Index(es):
- Chronological
- Thread