Red Hat Bugzilla – Bug 457910
memberOf: Make the filter of the treated entries configurable
Last modified: 2015-01-04 18:33:30 EST
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199) Gecko/2008070208 Firefox/3.0.1
In the latest version of memberof.c (1.13 in CVS) starting form the line 2013 :
if ((filter = fetch_attr(e, "filter", "(objectclass=inetuser)")) == NULL)
*returncode = LDAP_OBJECT_CLASS_VIOLATION;
rv = SLAPI_DSE_CALLBACK_ERROR;
It means that the filter used to determine the subset of entries treated by the memberOf plugin is hardcoded to "(objectclass=inetuser)"
Steps to Reproduce:
1. Look at the code of memberof.c staring from the line 2013
The filter is hardcoded to "(objectclass=inetuser)"
The filter should be configurable like it is already the case for the parameters memberOfGroupAttr and memberOfAttr.
It is not a bug, it is a feature request.
The hardcoded filter is simply a default filter for the memberOf fix-up task. The task filter can be specified in the task entry that is created as the "filter" attribute, which is the recommended thing to do when creating the fix-up task. The fixup-memberof.pl utility that creates the fixup task entry has a "-f" option for specifying this filter.
We could add another configuration setting that allows you to configure the default task filter if one is not specified in the task, but I don't see a lot of value in doing so. I also do not want to make this configuration setting required, so we would still need a hardcoded default.
If it's only the default filter for the memberOf fix-up task, you are right. There is no need to create another configuration parameter. I thought (or maybe it was the case in one of the previous code versions) that there was a limitation on the "real time" updates of the entries. After looking through the latest version of the code the filter is indeed used exclusively in the fix-up task.
Thanks for your input, Andrey. Since you agree with my assessment, I'm going to close this bug.