Bug 1035824

Description of problem:
From RHEL 7 most DS plugins are converted to be betxn - if their operation fails, whole transaction should fail and not be comitted to database. In case of Auto Membership plugin, we can create a situation where plugin fails to add user to group, e.g. due to non-existent group entry.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.6-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Add definition entry:
ldapmodify -D "cn=directory manager" -w Secret123 -a <<EOF
dn: cn=testGroup,cn=Auto Membership Plugin,cn=plugins,cn=config
objectclass: autoMemberDefinition
autoMemberScope: ou=People,dc=example,dc=com
autoMemberFilter: cn=tuser
autoMemberDefaultGroup: cn=testgroup,ou=groups,dc=example,dc=com
autoMemberGroupingAttr: member:dn
EOF

Make sure cn=testgroup,ou=groups,dc=example,dc=com does not exist.

2. Add user:
ldapmodify -D "cn=directory manager" -w Secret123 -a <<EOF
dn: cn=tuser,ou=people,dc=example,dc=com
objectclass: person
objectclass: top
cn: tuser
sn: tuser
EOF

The operation is successful:
[jrusnack@localhost 6.0]$ ldapsearch -LLL -h localhost -p 34368 -D "cn=directory manager" -w Secret123 -b "cn=tuser,dc=autoMembers,dc=com"
dn: cn=tuser,dc=autoMembers,dc=com
objectClass: person
objectClass: top
cn: tuser
sn: tuser

Actual results:
[jrusnack@localhost 6.0]$ tail -n1 /var/log/dirsrv/slapd-dstet/errors
[28/Nov/2013:07:55:17 -0700] auto-membership-plugin - automember_add_member_value: Unable to add "cn=tuser,dc=automembers,dc=com" as a "member" value to group "cn=testgroup,dc=autoMembers,dc=com" (No such object).


Expected results:
User should not be added, if plugin operation fails.