(ITS#4761) error in "group" authorization parsing

Full_Name: Pierangelo Masarati Version: HEAD,re23 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (87.28.220.33) Submitted by: ando

When an authorization rule using groups, like "group:<dn>" is used, the default member attribute "member" is erroneously set to an empy berval, resulting in an invalid filter being used for the internal lookup to check for membership.

A workaround consists in avoiding defaults: "group/<oc>/<at>:<dn>". "group/<oc>:<dn>" appears to work as intended, i.e. in this case the default attribute is correctly used. A fix is coming.

p.