[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapmodify - deletion of related attributes


I am new to openldap so I am not sure of much... I hope the 
title I gave to this mail is not too misleading, here is my problem :

I want to add/delete users to a group.

I use the following ldif to add an user to a group :
dn: cn=grptest, cn=testOU, dc=example, dc=com
add: uniqueMember
uniqueMember: uid=test, cn=KlogicOU, dc=example, dc=com

so far, so good.
Now, when I want to add an user the first time, it does not work because
there is a missing related attribute : groupOfUniqueNames.

To add it I have found only the following syntax :
dn: cn=grptest,cn=KlogicOU, dc=example, dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=test,cn=KlogicOU,dc=example,dc=com

so far, so good.
Now the problem : when I want to delete a group member,
I need also to delete the groupOfUniqueNames attribute
when it's the last group member in this group. I know it's
possible to do it using the Api since directory_administrator
(a graphical utility) does it without problem on my system.

I want to do it using scripts, however.
I have not found a ldif syntax to do it.

dn: cn=grptest,cn=testOU, dc=example, dc=com
delete: objectClass, uniqueMember
uniqueMember: uid=test,cn=testOU, dc=example, dc=com

get me the following result :

ldap_modify: Undefined attribute type
 additional info: objectClass, uniqueMember: attribute description
 contains inappropriate characters

other less likely syntaxes I tried did not work or produced
other strange error messages.

Could it be a bug in ldapmodify ? or is there a way to do it 
using another syntax ?

I have the following setup : stock Mandrake 8.2 with its OpenLDAP 2.0.23.

I have found that the following change to ldapmodify allowed
me to add/remove members of my groups without problem :

--- ldapmodify.c.orig   Fri Feb  8 19:12:31 2002
+++ ldapmodify.c        Sat Jul 20 09:31:01 2002
@@ -840,7 +840,6 @@
                goto end_line;
            } else if ( strcasecmp( type, T_MODOPDELETESTR ) == 0 ) {
                modop = LDAP_MOD_DELETE;
-               addmodifyop( &pmods, modop, val.bv_val, NULL );
                goto end_line;
            } else {    /* no modify op:  use default */
                modop = ldapadd ? LDAP_MOD_ADD : LDAP_MOD_REPLACE;

Not that I did not try to upgrade my system, that is, I compiled
2.0.25 ldapmodify and tested it with my 2.0.23 version. Browsing
Cvs I noticed that HEAD code is similar. I even tried to
compile with this ldapmodify.c and found that its behaviour
is identical.

However not being familiar with the code I don't know if it is
really a bug. If it is, the replace case would need the same
change of course.

additional info : I found this patch adding fprintf instruction
at the beginning of addmodifyop routine and seeing it was called
3 times for this operation with the following content in 'attr' : 

attr=objectClass, uniqueMember

The patch removes the first call to addmodifyop.

Thanks for your attention.

Gerard PatelÉ]