Bug 656515 - Allow Name and Optional UID syntax for grouping attributes
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Server - memberOf Plug-in
Version: 1.2.6
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
Assignee: Nathan Kinder
QA Contact: Viktor Ashirov
Depends On: 639035
Blocks: 389_1.2.7
Reported: 2010-11-23 22:21 UTC by Nathan Kinder
Modified: 2015-12-07 16:59 UTC (History)

Doc Type: Bug Fix
Last Closed: 2015-12-07 16:59:53 UTC


Attachments
Patch (2.92 KB, patch)
2010-11-23 22:22 UTC, Nathan Kinder
nkinder: review?
rmeggins: review+

Description Nathan Kinder 2010-11-23 22:21:35 UTC
The config validation code in the memberOf plug-in currently requires that the grouping attribute be defined to use the Distinguished Name syntax.  The uniqueMember attribute is still a common method of grouping users, but this attribute is defined to use the Name and Optional UID syntax.  This syntax contains a DN plus an optional hex-valued UID that can be appended to the end.

We should allow attributes defined to use the Name and Optional UID syntax to be used as memberOf grouping attributes.  We will not support one actually using the optional UID portion in the value, but this is extremely rare in practice.

Comment 1 Nathan Kinder 2010-11-23 22:22:54 UTC
Created attachment 462466
Patch

Comment 2 Nathan Kinder 2010-11-23 23:02:58 UTC
Pushed to master.  Thanks to Rich for his review!

Counting objects: 15, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.08 KiB, done.
Total 8 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   36dbaf1..b989f1d  master -> master

Comment 3 Andrey Ivanov 2010-11-24 09:31:38 UTC
Documentation Impact :

I think this notice ("one should be aware that memberOf will not work if the optional UID part is present in an attribute with <Name and Optional UID> syntax. The usage of the optional UID portion in the value is extremely rare in practice.") should be added to the documentation on the memberOf plug-in of the future Red Hat release.
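
The audit below is an added example, not part of this bug report or of the 389 Directory Server code: it scans an LDIF export for grouping-attribute values that carry the optional UID portion, the case the description and comment 3 say memberOf will not handle. It assumes the RFC 4517 string form, where the UID is a `#'<bits>'B` suffix on the DN; the sample entries and the function name are constructed for illustration.

```python
import base64
import re

# RFC 4517: NameAndOptionalUID = distinguishedName [ "#" BitString ],
# where BitString is a quoted run of binary digits followed by "B".
UID_SUFFIX = re.compile(r"#'([01]*)'B$")

# Constructed sample data (hypothetical groups and users, not from the bug report).
_B64 = base64.b64encode(b"uid=carol,ou=people,dc=example,dc=com#'11'B").decode()
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=com
uniqueMember: uid=alice,ou=people,dc=example,dc=com
uniqueMember: uid=bob,ou=people,dc=example,dc=com#'0101'B
uniqueMember: uid=a-very-long-user-name,ou=people,
 dc=example,dc=com#'1'B

dn: cn=ops,ou=groups,dc=example,dc=com
uniqueMember:: {b64}
uniqueMember: cn=build#1,ou=services,dc=example,dc=com
""".format(b64=_B64)


def find_uid_members(ldif, group_attr="uniqueMember"):
    """Return (group_dn, member_dn, uid_bits) for values carrying the optional UID."""
    # LDIF folds long lines as newline + one space; undo that before parsing.
    lines = re.sub(r"\r?\n ", "", ldif).splitlines()
    hits, entry_dn = [], None
    for line in lines:
        if not line or line.startswith("#"):
            continue  # entry separator or LDIF comment
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            entry_dn = value
        elif attr.lower() == group_attr.lower():
            match = UID_SUFFIX.search(value)
            if match:  # a bare "#" inside the DN (cn=build#1) does not match
                hits.append((entry_dn, value[:match.start()], match.group(1)))
    return hits


if __name__ == "__main__":
    for group, member, bits in find_uid_members(SAMPLE_LDIF):
        print(f"{group}: {member} carries optional UID {bits!r}")
```

Any value reported here is a member whose memberOf attribute will not be maintained, so group-based access decisions that read memberOf would not see that membership.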

Comment 5 Jenny Severance 2011-05-16 18:16:09 UTC
Can you please add steps to verify?  An example of Name and Optional UID syntax used as memberOf grouping attributes? Thanks

Comment 6 Nathan Kinder 2011-05-17 16:53:39 UTC
(In reply to comment #5)
> Can you please add steps to verify?  An example of Name and Optional UID syntax
> used as memberOf grouping attributes? Thanks

Configure the memberOf plug-in and set "memberofgroupattr" to "uniqueMember" in the configuration entry.  This config entry should not be rejected as an error.

Comment 7 Amita Sharma 2011-06-07 10:26:46 UTC
Not rejected ---
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin

Hence VERIFIED.

