[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6684)

norbert@pueschel.net wrote:
> Updated TAR-file with (hopefully) sufficient copyright notice...
> http://www.pueschel.net/openldap/norbert-pueschel-autogroup-27102010.tar

Your code does a string compare againset "memberOf" to detect those filter 
   1) it should simply be comparing the AttributeDescription pointers
   2) since the "memberof" attribute is actually configurable in the memberof 
overlay, there's no guarantee that this is the correct attribute to be looking 
for. It should also be configurable in your patch.

You're using strcasecmp, but your inputs are already normalized values. You 
should just use ber_bvcmp.

Replying to the original:

> 1) Using non-DN-valued URIs for autogroup does not work correctly, even
> with the latest version from HEAD. Especially changing group member is
> not tracked.

I don't see why this should ever work or be supported. LDAP groups list DNs.

> 2) Using the memberOf-overlay for constructing autogroups does not work

I don't see any reason why this should work. The memberof overlay is not used 
to construct groups, it is only used to report on group memberships that have 
already been defined.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/