[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6670) memberof overlay problem

henjes@informatik.uni-wuerzburg.de wrote:
> Full_Name: Robert Henjes
> Version: 2.4.23-4
> OS: Debian Squeeze
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Hi,
> while using memberof overlay I recognized the following problem in conjunction
> with groupOfNames. If you try to add an empty group of names you have to set at
> least one member attribute, since it is mandatory. One could have the idea to
> point to the group dn itself. If having the memberof overlay active this leads
> to a loop while executing an ldapadd. I assume this happens while the memberof
> overlay is triggered. Tried to analyze the slapd debug output, but it stops,
> after the addition is completed.
> Example LDIF file:
> dn: cn=stupid,ou=groups,dc=domain
> objectClass: top
> objectClass: groupOfNames
> cn: stupid
> member: cn=stupid,ou=groups,dc=domain
> The slapd server seems proceed working, except the add process and the subtree
> where the LDIF is gets added. You can not stop the slapd server in a normal way,
> you just have to do a "kill -9". After that the LDIF file seems to be added, but
> I assume, that the memberof overlay representation is inconsistent.
> The memberof overlay should be aware of such situations, even if building loops
> in dn references is in general not a good idea.

The memberof code in HEAD has been patched to ignore these cases. Possibly we 
can add additional code to insert the member/memberOf value as appropriate, 
but I haven't done so in this patch.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/