Full_Name: Patrick Nijs Version: 2.4.23 OS: Debian Squeeze x86 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2001:980:74b5:1:bcd8:7053:70b4:377d)
I have a clean install of Debian Squeeze, and a clean install of OpenLDAP. Now I have enabled the REFINT overlay (it's the only overlay I am using):
To enable it, I executed the following commands as root: echo " dn: cn=module{0},cn=config add: olcModuleLoad olcModuleLoad: refint " | ldapmodify -Y EXTERNAL -H ldapi:///
and:
echo " dn: olcOverlay=refint,olcDatabase={1}hdb,cn=config changetype: add objectClass: olcRefintConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: refint olcRefintAttribute: member olcRefintNothing: cn=admin,dc=domain,dc=local " | ldapmodify -Y EXTERNAL -H ldapi:///
The good thing is that if I rename the DN of a group member, all goes well.
The only BAD thing is, that when I delete a user which is the ONLY MEMBER OF A GROUP, then the olcRefintNothing does NOT KICK IN.
I expect that that when the last member of a group is deleted, then the member attribute of that group is replaced with the DN as specified in olcRefintNothing. This doesn't happen.
Here is a snippet from my syslog (loglevel -1), where cn=test,dc=domein,dc=local is the GROUP (groupOfNames) with the member ATTRIBUTE. uid=peter1,dc=domein,dc=local is a User (account) and the only member left in the aforementioned group.
When I delete this user this shows up in the log:
Feb 17 13:27:27 vm03 slapd[25075]: refint_search_cb <cn=test,dc=domein,dc=local> Feb 17 13:27:27 vm03 slapd[25075]: refint_search_cb: member: uid=peter1,dc=domein,dc=local (#1) Feb 17 13:27:27 vm03 slapd[25075]: send_ldap_result: conn=-1 op=0 p=0 Feb 17 13:27:27 vm03 slapd[25075]: send_ldap_result: err=0 matched="" text="" Feb 17 13:27:27 vm03 slapd[25075]: refint_search_cb <NOTHING> Feb 17 13:27:27 vm03 slapd[25075]: hdb_modify: cn=test,dc=domein,dc=local Feb 17 13:27:27 vm03 slapd[25075]: slap_queue_csn: queing 0xb59c06b6 20120217122727.743313Z#000000#000#000000 Feb 17 13:27:27 vm03 slapd[25075]: bdb_dn2entry("cn=test,dc=domein,dc=local") Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: 0x00000006: cn=test,dc=domein,dc=local Feb 17 13:27:27 vm03 slapd[25075]: <= acl_access_allowed: granted to database root Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: delete member Feb 17 13:27:27 vm03 slapd[25075]: dnMatch 0#012#011"uid=peter1,dc=domein,dc=local"#012#011"uid=peter1,dc=domein,dc=local" Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: replace modifiersName Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: delete member Feb 17 13:27:27 vm03 slapd[25075]: bdb_modify_internal: 16 modify/delete: member: no such attribute Feb 17 13:27:27 vm03 slapd[25075]: hdb_modify: modify failed (16) Feb 17 13:27:27 vm03 slapd[25075]: send_ldap_result: conn=-1 op=0 p=0 Feb 17 13:27:27 vm03 slapd[25075]: send_ldap_result: err=16 matched="" text="modify/delete: member: no such attribute" Feb 17 13:27:27 vm03 slapd[25075]: slap_graduate_commit_csn: removing 0x938a7d0 20120217122727.743313Z#000000#000#000000 Feb 17 13:27:27 vm03 slapd[25075]: refint_repair: dependent modify failed: 16 Feb 17 13:27:27 vm03 slapd[25075]: daemon: activity on 1 descriptor
I see that the REFINT overlay is kicking in, but it comes with the following error: bdb_modify_internal: 16 modify/delete: member: no such attribute
That is strange, because this groupOfNames certainly has a member attribute.
Is this a bug?
Thanks in advance,
Patrick