From: Howard Chu Date: Tue, 19 Mar 2024 16:28:24 +0000 (+0000) Subject: ITS#10188 autogroup: allow groups to be members of other groups X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e62c5d80b1446535a568890197ca145f72a0256b;p=thirdparty%2Fopenldap.git ITS#10188 autogroup: allow groups to be members of other groups But doesn't support recursion - modifications on one autogroup will not trigger further updates on other autogroups that reference it. --- diff --git a/contrib/slapd-modules/autogroup/autogroup.c b/contrib/slapd-modules/autogroup/autogroup.c index 95f2008e54..59b0c321ef 100644 --- a/contrib/slapd-modules/autogroup/autogroup.c +++ b/contrib/slapd-modules/autogroup/autogroup.c @@ -802,7 +802,7 @@ autogroup_add_entry_cb( Operation *op, SlapReply *rs ) goto done; op->o_bd->bd_info = (BackendInfo *)on; - if ( !aa->agd ) { + { autogroup_entry_t *age; autogroup_filter_t *agf; struct berval odn, ondn; @@ -1211,17 +1211,15 @@ autogroup_response( Operation *op, SlapReply *rs ) for ( age = agi->agi_entry ; age ; age = age->age_next ) { if ( dn_match( &age->age_ndn, &op->o_req_ndn )) { Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN updating group's DN to <%s>\n", op->orr_newDN.bv_val ); - ber_dupbv( &age->age_dn, &op->orr_newDN ); - ber_dupbv( &age->age_ndn, &op->orr_nnewDN ); - - overlay_entry_release_ov( op, e, 0, on ); - ldap_pvt_thread_mutex_unlock( &agi->agi_mutex ); - return SLAP_CB_CONTINUE; + ber_bvreplace( &age->age_dn, &op->orr_newDN ); + ber_bvreplace( &age->age_ndn, &op->orr_nnewDN ); + goto break1; } } } } +break1: /* For each group: 1. check if the original entry's DN is in the group. diff --git a/contrib/slapd-modules/autogroup/slapo-autogroup.5 b/contrib/slapd-modules/autogroup/slapo-autogroup.5 index 4c6414d3ec..4d3c23b782 100644 --- a/contrib/slapd-modules/autogroup/slapo-autogroup.5 +++ b/contrib/slapd-modules/autogroup/slapo-autogroup.5 @@ -29,6 +29,9 @@ tested for compliance with the filters, and its membership is accordingly updated. For searches and compares, it behaves like a static group. If the attribute part of the URI is filled, the group entry is populated by the values of this attribute in the entries resulting from the search. + +Note that filters that use attributes that are themselves dynamically +computed may not work consistently, and should be avoided. .SH CONFIGURATION Either .BR \FCslapd.conf\FT (5)