On Fri, 2008-01-11 at 17:51 +0100, Pierangelo Masarati wrote: > Andrew Bartlett wrote: > > I perhaps should have flagged this earlier, but I wanted to actually > > have the test to prove it. > > [snip] > > > The 'member' attribute on the group is wrong, most likely because such a > > subtree rename would never cause the memberOf module to fire and notice > > that this needs updating. > > Yes, slapo-memberof(5) does not consider the possibility of a subtree > rename, and thus takes no care of it. I believe at the time it was > implemented, this was not possible (in back-hdb), or not feasible (given > the impossibility to search portions of a DN-valued attribute): > slapo-memberof(5) was added to OpenLDAP sources August 2007, but > initially implemented for OpenLDAP 2.2. > > I think this change should be relatively easy right now, as a DN-valued > can be searched with the dnSubtreeMatch rule to detect whether any > member/memberOf values need to be modified. > > Please submit an ITS... I've tried to, but I just get: OpenLDAP The system encountered a fatal error After command: MAIL FROM: <abartlet@samba.org> Received: 451 4.1.8 Domain of sender address abartlet@samba.org does not resolve Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part