[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Subtree renames and memberOf handling

On Fri, 2008-01-11 at 17:51 +0100, Pierangelo Masarati wrote:
> Andrew Bartlett wrote:
> > I perhaps should have flagged this earlier, but I wanted to actually
> > have the test to prove it.
> [snip]
> > The 'member' attribute on the group is wrong, most likely because such a
> > subtree rename would never cause the memberOf module to fire and notice
> > that this needs updating.
> Yes, slapo-memberof(5) does not consider the possibility of a subtree
> rename, and thus takes no care of it.  I believe at the time it was
> implemented, this was not possible (in back-hdb), or not feasible (given
> the impossibility to search portions of a DN-valued attribute):
> slapo-memberof(5) was added to OpenLDAP sources August 2007, but
> initially implemented for OpenLDAP 2.2.
> I think this change should be relatively easy right now, as a DN-valued
> can be searched with the dnSubtreeMatch rule to detect whether any
> member/memberOf values need to be modified.
> Please submit an ITS...

I've tried to, but I just get:

The system encountered a fatal error

After command: MAIL FROM: <abartlet@samba.org>

Received: 451 4.1.8 Domain of sender address abartlet@samba.org does not resolve

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part