slap_overinst *on;
BerVarray member;
BerVarray memberof;
+ memberof_is_t what;
} memberof_cbinfo_t;
static int
* attribute values of groups being deleted.
*/
static int
-memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo_t *mci )
+memberof_isGroupOrMember( Operation *op, memberof_cbinfo_t *mci )
{
slap_overinst *on = mci->on;
memberof_t *mo = (memberof_t *)on->on_bi.bi_private;
memberof_is_t iswhat = MEMBEROF_IS_NONE;
memberof_cookie_t mc;
- assert( iswhatp != NULL );
- assert( *iswhatp != MEMBEROF_IS_NONE );
+ assert( mci->what != MEMBEROF_IS_NONE );
cb.sc_private = &mc;
if ( op->o_tag == LDAP_REQ_DELETE ) {
op2.ors_slimit = 1;
op2.ors_tlimit = SLAP_NO_LIMIT;
- if ( *iswhatp & MEMBEROF_IS_GROUP ) {
+ if ( mci->what & MEMBEROF_IS_GROUP ) {
mc.ad = mo->mo_ad_member;
mc.foundit = 0;
mc.vals = NULL;
if ( mc.foundit ) {
iswhat |= MEMBEROF_IS_GROUP;
- mci->member = mc.vals;
+ if ( mc.vals ) mci->member = mc.vals;
}
}
- if ( *iswhatp & MEMBEROF_IS_MEMBER ) {
+ if ( mci->what & MEMBEROF_IS_MEMBER ) {
mc.ad = mo->mo_ad_memberof;
mc.foundit = 0;
mc.vals = NULL;
if ( mc.foundit ) {
iswhat |= MEMBEROF_IS_MEMBER;
- mci->memberof = mc.vals;
+ if ( mc.vals ) mci->memberof = mc.vals;
}
}
- *iswhatp = iswhat;
+ mci->what = iswhat;
return LDAP_SUCCESS;
}
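Review bot: `mci->what` now serves as both the request mask and the result: it is read in the two `if ( mci->what & ... )` tests and then overwritten by `mci->what = iswhat` just before the return, so a caller that reuses the same `memberof_cbinfo_t` must reload the field before calling again. Nothing in the visible part of the header comment states this; I would add `/* mci->what is in/out: on entry the roles to test for, on return the roles actually found (possibly MEMBEROF_IS_NONE) */`. The entry check is only an `assert`, which disappears in NDEBUG builds, so the comment would be the one place the contract is written down. The function's comment and parts of its body lie outside the visible hunks.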
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
memberof_t *mo = (memberof_t *)on->on_bi.bi_private;
- memberof_is_t iswhat = MEMBEROF_IS_GROUP;
slap_callback *sc;
memberof_cbinfo_t *mci;
- if ( MEMBEROF_REFINT( mo ) ) {
- iswhat = MEMBEROF_IS_BOTH;
- }
sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx );
sc->sc_private = sc+1;
mci->on = on;
mci->member = NULL;
mci->memberof = NULL;
+ mci->what = MEMBEROF_IS_GROUP;
+ if ( MEMBEROF_REFINT( mo ) ) {
+ mci->what = MEMBEROF_IS_BOTH;
+ }
- memberof_isGroupOrMember( op, &iswhat, mci );
+ memberof_isGroupOrMember( op, mci );
sc->sc_next = op->o_callback;
op->o_callback = sc;
Modifications **mlp, **mmlp = NULL;
int rc = SLAP_CB_CONTINUE, save_member = 0;
struct berval save_dn, save_ndn;
- memberof_is_t iswhat = MEMBEROF_IS_GROUP;
slap_callback *sc;
memberof_cbinfo_t *mci, mcis;
save_dn = op->o_dn;
save_ndn = op->o_ndn;
mcis.on = on;
+ mcis.what = MEMBEROF_IS_GROUP;
- if ( memberof_isGroupOrMember( op, &iswhat, &mcis ) == LDAP_SUCCESS
- && ( iswhat & MEMBEROF_IS_GROUP ) )
+ if ( memberof_isGroupOrMember( op, &mcis ) == LDAP_SUCCESS
+ && ( mcis.what & MEMBEROF_IS_GROUP ) )
{
Modifications *ml;
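Review bot: `mcis` is a stack object, and only `mcis.on` and `mcis.what` are assigned before `memberof_isGroupOrMember( op, &mcis )` is called. With the new guards in that function (`if ( mc.vals ) mci->member = mc.vals;` and the same for `memberof`), the pointers are no longer written when a match is found without saved values, where the old code stored `mc.vals` (NULL included) on every match, so `mcis.member` and `mcis.memberof` can stay indeterminate. Whether anything reads them later is not visible here, but clearing them next to the other assignments is cheap and mirrors the initialisation of the heap-allocated `mci`: `mcis.member = NULL;` and `mcis.memberof = NULL;`. The function body continues outside the hunk.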
mci->on = on;
mci->member = NULL;
mci->memberof = NULL;
+ mci->what = mcis.what;
if ( save_member ) {
op->o_dn = op->o_bd->be_rootdn;
int i, rc;
Modifications *ml, *mml = NULL;
BerVarray vals;
- memberof_is_t iswhat = MEMBEROF_IS_GROUP;
if ( rs->sr_err != LDAP_SUCCESS ) {
return SLAP_CB_CONTINUE;
}
}
- if ( memberof_isGroupOrMember( op, &iswhat, mci ) == LDAP_SUCCESS
- && ( iswhat & MEMBEROF_IS_GROUP ) )
+ if ( mci->what & MEMBEROF_IS_GROUP )
{
for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
if ( ml->sml_desc != mo->mo_ad_member ) {
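Review bot: The group test in this response callback now depends entirely on `mci->what`, which the visible code copies from `mcis.what` in the modify request handler (`mci->what = mcis.what;`), presumably from a lookup made before the modification was applied. That looks intentional, but a request that itself adds or removes the group object class would then be classified by the entry's old state. memberOf values are commonly consulted for access decisions, so the assumption deserves to be written down. I would put a comment above the test: `/* mci->what reflects the entry as it was before this modify (set by the request handler) */`. The callback body starts and ends outside the hunk.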
BerVarray vals;
struct berval save_dn, save_ndn;
- memberof_is_t iswhat = MEMBEROF_IS_GROUP;
if ( rs->sr_err != LDAP_SUCCESS ) {
return SLAP_CB_CONTINUE;
}
+ mci->what = MEMBEROF_IS_GROUP;
if ( MEMBEROF_REFINT( mo ) ) {
- iswhat |= MEMBEROF_IS_MEMBER;
+ mci->what |= MEMBEROF_IS_MEMBER;
}
if ( op->orr_nnewSup ) {
op->o_req_dn = newNDN;
op->o_req_ndn = newNDN;
- rc = memberof_isGroupOrMember( op, &iswhat, mci );
+ rc = memberof_isGroupOrMember( op, mci );
op->o_req_dn = save_dn;
op->o_req_ndn = save_ndn;
- if ( rc != LDAP_SUCCESS || iswhat == MEMBEROF_IS_NONE ) {
+ if ( rc != LDAP_SUCCESS || mci->what == MEMBEROF_IS_NONE ) {
goto done;
}
build_new_dn( &newDN, &newPDN, &op->orr_newrdn, op->o_tmpmemctx );
- if ( iswhat & MEMBEROF_IS_GROUP ) {
+ if ( mci->what & MEMBEROF_IS_GROUP ) {
op->o_bd->bd_info = (BackendInfo *)on->on_info;
rc = backend_attribute( op, NULL, &newNDN,
mo->mo_ad_member, &vals, ACL_READ );
}
}
- if ( MEMBEROF_REFINT( mo ) && ( iswhat & MEMBEROF_IS_MEMBER ) ) {
+ if ( MEMBEROF_REFINT( mo ) && ( mci->what & MEMBEROF_IS_MEMBER ) ) {
op->o_bd->bd_info = (BackendInfo *)on->on_info;
rc = backend_attribute( op, NULL, &newNDN,
mo->mo_ad_memberof, &vals, ACL_READ );
sn: Rabbit
memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com
+# Re-search the entire database...
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: cn=group1,ou=Groups,dc=example,dc=com
+objectClass: groupA
+cn: group1
+
+dn: cn=group2,ou=Groups,dc=example,dc=com
+objectClass: groupB
+cn: group2
+memberB: cn=person1,ou=People,dc=example,dc=com
+memberB: cn=person2,ou=People,dc=example,dc=com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: People
+
+dn: cn=person1,ou=People,dc=example,dc=com
+objectClass: person
+objectClass: groupMemberA
+objectClass: groupMemberB
+cn: person1
+sn: person1
+memberOfB: cn=group2,ou=Groups,dc=example,dc=com
+
+dn: cn=person2,ou=People,dc=example,dc=com
+objectClass: person
+objectClass: groupMemberA
+objectClass: groupMemberB
+cn: person2
+sn: person2
+memberOfB: cn=group2,ou=Groups,dc=example,dc=com
+
echo "Running ldapadd to build slapd config database..."
$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \
>> $TESTOUT 2>&1 <<EOF
+dn: cn=symas group example,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: symas group example
+olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1
+ NAME 'memberA' SUP distinguishedName )
+olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2
+ NAME 'memberOfA' SUP distinguishedName )
+olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3
+ NAME 'memberB' SUP distinguishedName )
+olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4
+ NAME 'memberOfB' SUP distinguishedName )
+olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1
+ NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA )
+olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2
+ NAME 'groupMemberA' SUP top AUXILIARY MAY memberOfA )
+olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3
+ NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB )
+olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4
+ NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB )
+
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDbIndex: sn pres,eq,sub
olcDbMode: 384
-# {0}memberof, {1}$BACKEND, config
dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupA
+olcMemberOfMemberAD: memberA
+olcMemberOfMemberOfAD: memberOfA
+
+dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {2}memberof
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupB
+olcMemberOfMemberAD: memberB
+olcMemberOfMemberOfAD: memberOfB
+
EOF
RC=$?
if test $RC != 0 ; then
exit $RC
fi
+echo "Adding groups with MAY member type schemas..."
+$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
+ -D "cn=Manager,$BASEDN" -w secret \
+ >> $TESTOUT 2>&1 <<EOF
+dn: cn=Roger Rabbit,ou=People,$BASEDN
+changetype: delete
+
+dn: cn=Jessica Rabbit,ou=People,$BASEDN
+changetype: delete
+
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: delete
+
+dn: cn=person1,ou=People,$BASEDN
+changetype: add
+objectClass: person
+objectClass: groupMemberA
+objectClass: groupMemberB
+cn: person1
+sn: person1
+
+dn: cn=person2,ou=People,$BASEDN
+changetype: add
+objectClass: person
+objectClass: groupMemberA
+objectClass: groupMemberB
+cn: person2
+sn: person2
+
+dn: cn=group1,ou=Groups,$BASEDN
+changetype: add
+objectclass: groupA
+cn: group1
+memberA: cn=person1,ou=People,$BASEDN
+memberA: cn=person2,ou=People,$BASEDN
+
+dn: cn=group2,ou=Groups,$BASEDN
+changetype: add
+objectclass: groupB
+cn: group2
+memberB: cn=person1,ou=People,$BASEDN
+memberB: cn=person2,ou=People,$BASEDN
+
+dn: cn=group1,ou=Groups,$BASEDN
+changetype: modify
+delete: memberA
+
+EOF
+
+echo "Re-search the entire database..."
+echo "# Re-search the entire database..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
test $KILLSERVERS != no && kill -HUP $KILLPIDS
LDIF=$MEMBEROFOUT
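Review bot: The new `$LDAPMODIFY` step, which deletes the old entries and adds person1, person2, group1 and group2, never checks its exit status, unlike the `$LDAPADD` before it and the `$LDAPSEARCH` after it. If the modify fails, the script carries on and the failure only shows up later as an output mismatch, which makes the cause harder to locate. I would capture `$?` right after the here-document and stop the servers before exiting, as the search step does.

```shell
# … unchanged: $LDAPMODIFY here-document …
EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
```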