[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#9000) memberOf value is lost when group DN is modified with only case change

To: openldap-its@OpenLDAP.org
Subject: (ITS#9000) memberOf value is lost when group DN is modified with only case change
From: clement.oudot@worteks.com
Date: Wed, 27 Mar 2019 16:39:14 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Clement OUDOT
Version: 2.4.47
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.250.130.213)


We use a very standard configuration with memberof overlay.

The issue is very easy to reproduce :
* Create a group with a user in an OpenLDAP server using memberof overlay
* The user should now have the group DN in memberOf attribute
* Rename the group to change its case, for example uppercase the first letter
* The group has be renamed but was removed form user memberOf attribute

The OpenLDAP log is the following:
5c9ba447 conn=1000 op=23 MODRDN
dn="cn=memberoftest,ou=groups,dc=example,dc=com"
5c9ba447 conn=1000 op=23: memberof_value_modify
DN="uid=coudot,ou=users,dc=example,dc=com" add
memberOf="cn=memberofTEST,ou=groups,dc=example,dc=com" failed err=20

Seems it is because memberof try to add the new value before deleting the old
one. As the values are the same when ignoring the case, the modification is
rejected.

I would say that doing the LDAP_SLIST_REMOVE before the LDAP_SLIST_INSERT_HEAD
in memberof.c should be enough but I don't know if this is safe.

Prev by Date: Re: (ITS#8999) telephoneNumberMatch crashed slapd
Next by Date: Re: (ITS#8997) openldap-nssov/back ldap segfault
Index(es):
- Chronological
- Thread