[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#7171) RefInt overlay: olcRefIntNothing doesn't kick in when deleting last member from group
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#7171) RefInt overlay: olcRefIntNothing doesn't kick in when deleting last member from group
- From: p.nijs@xs4all.nl
- Date: Fri, 17 Feb 2012 12:48:41 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Patrick Nijs
Version: 2.4.23
OS: Debian Squeeze x86
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:980:74b5:1:bcd8:7053:70b4:377d)
I have a clean install of Debian Squeeze, and a clean install of OpenLDAP.
Now I have enabled the REFINT overlay (it's the only overlay I am using):
To enable it, I executed the following commands as root:
echo "
dn: cn=module{0},cn=config
add: olcModuleLoad
olcModuleLoad: refint
" | ldapmodify -Y EXTERNAL -H ldapi:///
and:
echo "
dn: olcOverlay=refint,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcRefintConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: refint
olcRefintAttribute: member
olcRefintNothing: cn=admin,dc=domain,dc=local
" | ldapmodify -Y EXTERNAL -H ldapi:///
The good thing is that if I rename the DN of a group member, all goes well.
The only BAD thing is, that when I delete a user which is the ONLY MEMBER OF A
GROUP, then the olcRefintNothing does NOT KICK IN.
I expect that that when the last member of a group is deleted, then the member
attribute of that group is replaced with the DN as specified in
olcRefintNothing.
This doesn't happen.
Here is a snippet from my syslog (loglevel -1), where
cn=test,dc=domein,dc=local is the GROUP (groupOfNames) with the member
ATTRIBUTE.
uid=peter1,dc=domein,dc=local is a User (account) and the only member left in
the aforementioned group.
When I delete this user this shows up in the log:
Feb 17 13:27:27 vm03 slapd[25075]: refint_search_cb
<cn=test,dc=domein,dc=local>
Feb 17 13:27:27 vm03 slapd[25075]: refint_search_cb: member:
uid=peter1,dc=domein,dc=local (#1)
Feb 17 13:27:27 vm03 slapd[25075]: send_ldap_result: conn=-1 op=0 p=0
Feb 17 13:27:27 vm03 slapd[25075]: send_ldap_result: err=0 matched="" text=""
Feb 17 13:27:27 vm03 slapd[25075]: refint_search_cb <NOTHING>
Feb 17 13:27:27 vm03 slapd[25075]: hdb_modify: cn=test,dc=domein,dc=local
Feb 17 13:27:27 vm03 slapd[25075]: slap_queue_csn: queing 0xb59c06b6
20120217122727.743313Z#000000#000#000000
Feb 17 13:27:27 vm03 slapd[25075]: bdb_dn2entry("cn=test,dc=domein,dc=local")
Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: 0x00000006:
cn=test,dc=domein,dc=local
Feb 17 13:27:27 vm03 slapd[25075]: <= acl_access_allowed: granted to database
root
Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: delete member
Feb 17 13:27:27 vm03 slapd[25075]: dnMatch
0#012#011"uid=peter1,dc=domein,dc=local"#012#011"uid=peter1,dc=domein,dc=local"
Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: replace modifiersName
Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: delete member
Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: 16 modify/delete:
member: no such attribute
Feb 17 13:27:27 vm03 slapd[25075]: hdb_modify: modify failed (16)
Feb 17 13:27:27 vm03 slapd[25075]: send_ldap_result: conn=-1 op=0 p=0
Feb 17 13:27:27 vm03 slapd[25075]: send_ldap_result: err=16 matched=""
text="modify/delete: member: no such attribute"
Feb 17 13:27:27 vm03 slapd[25075]: slap_graduate_commit_csn: removing 0x938a7d0
20120217122727.743313Z#000000#000#000000
Feb 17 13:27:27 vm03 slapd[25075]: refint_repair: dependent modify failed: 16
Feb 17 13:27:27 vm03 slapd[25075]: daemon: activity on 1 descriptor
I see that the REFINT overlay is kicking in, but it comes with the following
error:
bdb_modify_internal: 16 modify/delete: member: no such attribute
That is strange, because this groupOfNames certainly has a member attribute.
Is this a bug?
Thanks in advance,
Patrick