ITS#10188 autogroup: allow groups to be members of other groups

But doesn't support recursion - modifications on one autogroup
will not trigger further updates on other autogroups that reference it.

diff --git a/contrib/slapd-modules/autogroup/autogroup.c b/contrib/slapd-modules/autogroup/autogroup.c
index 95f2008e54d8155845d1dc809ab18e7e1928eaa8..59b0c321ef668436b011d530447a6c666e9e1770 100644 (file)
--- a/contrib/slapd-modules/autogroup/autogroup.c
+++ b/contrib/slapd-modules/autogroup/autogroup.c
@@ -802,7 +802,7 @@ autogroup_add_entry_cb( Operation *op, SlapReply *rs )
                goto done;
 
        op->o_bd->bd_info = (BackendInfo *)on;
-       if ( !aa->agd ) {
+       {
                autogroup_entry_t       *age;
                autogroup_filter_t      *agf;
                struct berval odn, ondn;
@@ -1211,17 +1211,15 @@ autogroup_response( Operation *op, SlapReply *rs )
                                        for ( age = agi->agi_entry ; age ; age = age->age_next ) {
                                                if ( dn_match( &age->age_ndn, &op->o_req_ndn )) {
                                                        Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN updating group's DN to <%s>\n", op->orr_newDN.bv_val );
-                                                       ber_dupbv( &age->age_dn, &op->orr_newDN );
-                                                       ber_dupbv( &age->age_ndn, &op->orr_nnewDN );
-
-                                                       overlay_entry_release_ov( op, e, 0, on );
-                                                       ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );                
-                                                       return SLAP_CB_CONTINUE;
+                                                       ber_bvreplace( &age->age_dn, &op->orr_newDN );
+                                                       ber_bvreplace( &age->age_ndn, &op->orr_nnewDN );
+                                                       goto break1;
                                                }
                                        }
 
                                }
                        }
+break1:
 
                        /* For each group: 
                           1. check if the original entry's DN is in the group.

diff --git a/contrib/slapd-modules/autogroup/slapo-autogroup.5 b/contrib/slapd-modules/autogroup/slapo-autogroup.5
index 4c6414d3ec178a51011259c12cce962042e07418..4d3c23b782e19e317c3058c61c4cf69facf45dae 100644 (file)
--- a/contrib/slapd-modules/autogroup/slapo-autogroup.5
+++ b/contrib/slapd-modules/autogroup/slapo-autogroup.5
@@ -29,6 +29,9 @@ tested for compliance with the filters, and its membership is accordingly
 updated. For searches and compares, it behaves like a static group.
 If the attribute part of the URI is filled, the group entry is populated by
 the values of this attribute in the entries resulting from the search.
+
+Note that filters that use attributes that are themselves dynamically
+computed may not work consistently, and should be avoided.
 .SH CONFIGURATION
 Either
 .BR \FCslapd.conf\FT (5)