From: Howard Chu <hyc@openldap.org>
Date: Fri, 17 Jan 2020 14:49:58 +0000 (+0000)
Subject: ITS#9121 fix memberOf eval
X-Git-Tag: OPENLDAP_REL_ENG_2_5_0ALPHA~63^2~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb42a6e91af3ba64353d4233654131c8c26fe31e;p=thirdparty%2Fopenldap.git

ITS#9121 fix memberOf eval

Must disable ACL group caching when checking membership
---

diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c
index 0b1f8f683a..721eb728d6 100644
--- a/servers/slapd/overlays/dynlist.c
+++ b/servers/slapd/overlays/dynlist.c
@@ -973,7 +973,10 @@ dynlist_search2resp( Operation *op, SlapReply *rs )
 				dyn = ptr->avl_data;
 				for ( dlm = dyn->dy_dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
 					if ( dlm->dlm_memberOf_ad ) {
-						rc = backend_group( op, NULL, &dyn->dy_name,
+						Operation o = *op;
+						o.o_do_not_cache = 1;
+						o.o_groups = NULL;
+						rc = backend_group( &o, NULL, &dyn->dy_name,
 							&e->e_nname, dyn->dy_dli->dli_oc, dyn->dy_dli->dli_ad );
 						if ( rc == LDAP_SUCCESS ) {
 							/* ensure e is modifiable, but do not replace