656515 – Allow Name and Optional UID syntax for grouping attributes

Bug 656515 - Allow Name and Optional UID syntax for grouping attributes

Summary: Allow Name and Optional UID syntax for grouping attributes

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	389
Classification:	Retired
Component:	Server - memberOf Plug-in
Sub Component:
Version:	1.2.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Nathan Kinder
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:	639035
Blocks:	389_1.2.7
TreeView+	depends on / blocked

Reported:	2010-11-23 22:21 UTC by Nathan Kinder
Modified:	2015-12-07 16:59 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-12-07 16:59:53 UTC
Embargoed:

Attachments	(Terms of Use)
Patch (2.92 KB, patch) 2010-11-23 22:22 UTC, Nathan Kinder	nkinder: review? rmeggins: review+	Details \| Diff
View All

Description Nathan Kinder 2010-11-23 22:21:35 UTC

The config validation code in the memberOf plug-in currently requires that the grouping attribute be defined to use the Distinguished Name syntax.  The uniqueMember attribute is still a common method of grouping users, but this attribute is defined to use the Name and Optional UID syntax.  This syntax contains a DN plus an optional hex-valued UID that can be appended to the end.

We should allow attribute defined to use the Name and Optional UID syntax to be used as memberOf grouping attributes.  We will not support one actually using the optional UID portion in the value, but this is extremely rare in practice.

Comment 1 Nathan Kinder 2010-11-23 22:22:54 UTC

Created attachment 462466 [details]
Patch

Comment 2 Nathan Kinder 2010-11-23 23:02:58 UTC

Pushed to master.  Thanks to Rich for his review!

Counting objects: 15, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.08 KiB, done.
Total 8 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   36dbaf1..b989f1d  master -> master

Comment 3 Andrey Ivanov 2010-11-24 09:31:38 UTC

Documentation Impact :

I think this notice ("one should be aware that memberOf will not work if the optional UID part present in an attribute with <Name and Optional UID > syntax. The usage of the optional UID portion in the value is extremely rare in practice.") should be added to the documentation on memberOf plug-in of the future RedHat release.

Comment 5 Jenny Severance 2011-05-16 18:16:09 UTC

Can you please add steps to verify?  An example of Name and Optional UID syntax used as memberOf grouping attributes? Thanks

Comment 6 Nathan Kinder 2011-05-17 16:53:39 UTC

(In reply to comment #5)
> Can you please add steps to verify?  An example of Name and Optional UID syntax
> used as memberOf grouping attributes? Thanks

Configure the memberOf plug-in and set "memberofgroupattr" to "uniqueMember" in the configuration entry.  This config entry should not be rejected as an error.

Comment 7 Amita Sharma 2011-06-07 10:26:46 UTC

Not rejected ---
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin

Hence VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.