OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/6766
Full headers

From: masarati@aero.polimi.it
Subject: memberOf does not replicate specially crafted modifications
Compose comment
Download message
State:
0 replies:
0 followups:

Major security issue: yes  no

Notes:

Notification:


Date: Sun, 02 Jan 2011 22:52:29 +0000
From: masarati@aero.polimi.it
To: openldap-its@OpenLDAP.org
Subject: memberOf does not replicate specially crafted modifications
Full_Name: Pierangelo Masarati
Version: HEAD/re24
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2.40.10.16)
Submitted by: ando


If a modification deletes and recreates a member, something like

dn: cn=group
changetype: modify
delete: member
member: cn=user
-
add: member
member: cn=user
-

the operation succeeds on the provider, but only the delete is replicated.  This
occurs because the operation, within the memberOf overlay, results in two
separate operations:

dn: cn=user
changetype: modify
delete: memberOf
memberOf: cn=group

dn: cn=user
changetype: modify
add: memberOf
memberOf: cn=group

with the same CSN, although corresponding to different operations, so the
consumer ignores the second (btw, the CSN is the same of the modification that
affects the "cn=group" entry).

There may be two solutions: recognize that both operations affect the same
entry, and group them, or change the CSN.

p.
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org