[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8148) exattrs=memberOf in consumer causes removal of memberOf attributes

alexoz66@gmail.com wrote:
> Full_Name: John Alex.
> Version: 2.4.40
> OS: FreeBSD 9.3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> I have a consumer configured with slapo-memberof and exattrs=memberof in order
> to keep track of group memberships locally as suggested in the manpages. This
> works ok when adding/deleting users to groups, but when a user entry containing
> "memberOf" values is modified, those values are deleted in the consumer.
> According to ITS#7400, exattrs=memberOf is necessary to avoid getting this
> attribute from the provider.

I see nothing in ITS#7400 that even mentions exattrs. In fact there's nothing 
conclusive in ITS#7400 at all, it only says the issue should be taken up on 
the -devel mailing list and needs new design work.

> However, it was suggested to me to remove
> "memberOf" from exattrs, which I did and now everything seems to work fine.
> In any case, even if exattrs=memberof is not needed anymore, it should not have
> any effect to the local slapo-memberof operations.

Sorry, that doesn't follow. Adding settings will invariably change some server 
behavior. Adding a setting that you didn't need generally turns a working 
config into a broken config.

> See also: http://www.openldap.org/lists/openldap-technical/201505/msg00124.html

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/