[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf does not Update on Group Modify

> Hi,
> I searched the lists and the Internet, but only a small portion of
> people seem to have the same problem. So I don't know, what's maybe
> wrong with my setup.
> One hint I found at:
> http://serverfault.com/questions/73213/how-do-i-configure-reverse-group-membership-maintenance-on-an-openldap-server-m
> I try to use the memberOf overlay in an openldap 2.4.11 (debian lenny)
> installation. This works so far. But if I'm going to modify a member
> attribute (add, delete, and modify) this change does not update the
> memberOf attributes returned. So in case of a deletion, the
> corresponding attribute memberOf still exists.
> Example:
> dn: cn=example,ou=management,ou=groups,dc=domain
> changetype: modify
> delete: member
> member: cn=my.name,o=uwue,ou=identities,dc=domain
> ldapsearch still returns:
> # ldapsearch -x -LLL -H ldaps://server:636 -b ou=identities,dc=domain -W
> -D cn=admin,dc=domain cn=my.name memberOf
> Enter LDAP Password:
> dn: cn=my.name,...
> memberOf: cn=xxx,ou=groups,dc=german-lab,dc=de
> memberOf: cn=xxy,ou=groups,dc=german-lab,dc=de
> memberOf: cn=example,ou=management,ou=groups,dc=german-lab,dc=de
> => Does not work

I don't see "cn=example,ou=management,ou=groups,dc=domain" among
memberOf's of "cn=my.name..." (assuming "..." stands for
",o=uwue,ou=identities,dc=domain", of course).  I've tested the current
implementation of slapo-memberof (test52 of the test suite) and I don't
see any strange behavior.

You should provide a little bit more info, including your configuration
and a clear set of LDIFs that allow to exactly create your database prior
to modification, and a modification that results in an incorrect behavior.

Also, I note that 2.4.11 is relatively old.  If you compare just the
memberof.c file between 2.4.11 and 2.4.19 you'll note hundreds of lines of