Bug 526141 - allow empty groups
Summary: allow empty groups
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Schema
Version: 1.2.1
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 389_1.2.3 639035
Reported: 2009-09-29 02:55 UTC by Rich Megginson
Modified: 2015-12-07 16:30 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-07 16:30:58 UTC


Attachments
patch (1.39 KB, patch)
2009-09-30 02:44 UTC, Rich Megginson

Description Rich Megginson 2009-09-29 02:55:45 UTC
Since we changed the server schema to be more correct, we are now running into the problem that the groupOfNames and other objectclasses require a member attribute to be present.  Until we sort out the general problem with the LDAP grouping schemas, we should just allow empty groups.  The easiest way to do this is to just change the objectclass to use MAY instead of MUST for the group member attribute.

Comment 1 Rich Megginson 2009-09-30 02:44:13 UTC
Created attachment 363112
patch

Comment 2 Rich Megginson 2009-09-30 15:03:08 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   de00631..263e072  master -> master

commit 263e072493ec249ee0176193ee8bcb1b72255720
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Tue Sep 29 20:45:54 2009 -0600

    Reviewed by: nhosoi (Thanks!)
    Fix Description: Change groupOfNames and groupOfUniqueNames to allow empty
    groups by changing the member/uniqueMember attribute from MUST to MAY.
    Platforms tested: RHEL5 x86_64
    Flag Day: no
    Doc impact: no

Comment 3 Amita Sharma 2011-05-30 09:08:39 UTC
[root@rheltest ~]# ldapadd -D "cn=Directory Manager" -w xxx -h localhost -p 389 << EOF
dn: cn=rhgroup3,dc=corp,dc=example,dc=com
objectClass: top
objectClass: groupofuniquenames
objectClass: ntGroup
ntGroupDeleteGroup: true
cn: rhgroup3
ntUserDomainId: rhgroup3
ntGroupType: -2147483646
ntUniqueId: 3
EOF

adding new entry "cn=rhgroup3,dc=corp,dc=example,dc=com"

This cn=rhgroup3 group is empty; tested that the uniqueMember attribute is MAY for groupofuniquenames.

[root@rheltest ~]# ldapadd -D "cn=Directory Manager" -w xxx -h localhost -p 389 << EOF
dn: cn=rhgroup4,dc=corp,dc=example,dc=com
objectClass: top
objectClass: groupofnames
objectClass: ntGroup
ntGroupDeleteGroup: true
cn: rhgroup3
ntUserDomainId: rhgroup3
ntGroupType: -2147483646
ntUniqueId: 3
EOF

adding new entry "cn=rhgroup4,dc=corp,dc=example,dc=com"

This cn=rhgroup4 group is empty; tested that the member attribute is MAY for groupofnames.
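
An added example, not part of the bug report or the 389 patch: a small schema check showing why a member-less group entry is rejected while member is under MUST and accepted once it is under MAY, as the description and commit message state. The two objectClass definitions and the LDIF entries are constructed for illustration (assumption: modelled on the RFC 4519 groupOfNames class with a trimmed attribute list).

```python
import re

# Constructed definitions in RFC 4512 syntax; not copied from the attached patch.
BEFORE = "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( owner $ description ) )"
AFTER = "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST cn MAY ( member $ owner $ description ) )"

# Constructed sample entries (hypothetical DNs).
EMPTY_GROUP = """dn: cn=emptygroup,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: emptygroup
"""
POPULATED_GROUP = EMPTY_GROUP + "member: uid=alice,dc=example,dc=com\n"


def attr_list(definition, keyword):
    """Return the lower-cased attribute names that follow MUST or MAY.

    Handles both the single-name form (MUST cn) and the list form (MUST ( a $ b )).
    """
    m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|([\w;-]+))", definition)
    if not m:
        return set()
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return {a.strip().lower() for a in raw.split("$") if a.strip()}


def entry_attrs(ldif):
    """Attribute names present in a one-entry LDIF (no folding or base64 handled)."""
    names = set()
    for line in ldif.strip().splitlines():
        name, sep, _ = line.partition(":")
        if sep and name.strip().lower() != "dn":
            names.add(name.strip().lower())
    return names


def check_entry(definition, ldif):
    """Return (missing MUST attributes, attributes the class does not allow)."""
    must, may = attr_list(definition, "MUST"), attr_list(definition, "MAY")
    present = entry_attrs(ldif) - {"objectclass"}  # objectClass itself comes from 'top'
    return sorted(must - present), sorted(present - must - may)


if __name__ == "__main__":
    for label, definition in (("before", BEFORE), ("after", AFTER)):
        missing, extra = check_entry(definition, EMPTY_GROUP)
        verdict = "accepted" if not missing and not extra else "rejected"
        print(f"{label}: empty group {verdict}; missing={missing} not_allowed={extra}")
```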

