(ITS#5903) memberof stacked instance member-attr delete failure

Full_Name: Matthew Backes Version: 2.4, head OS: any URL: Submission from: (NULL) (76.88.99.93)

If slapo-memberof is instanced more than once, deleting the member-attr values from a group or deleting the group object will not remove the memberof-attr values from the members.

Adds are not affected.

Internally, the operation fails because it tries using the memberof-attribute name from the last memberof instance in the stack.

For example, given two member/group oc/attr sets in a schema:

objectIdentifier symasExample 1.3.6.1.4.1.4754.31 objectIdentifier symasExAT symasExample:1 objectIdentifier symasExOC symasExample:2

attributetype ( symasExAT:1 NAME 'memberA' SUP distinguishedName ) attributetype ( symasExAT:2 NAME 'memberOfA' SUP distinguishedName ) attributetype ( symasExAT:3 NAME 'memberB' SUP distinguishedName ) attributetype ( symasExAT:4 NAME 'memberOfB' SUP distinguishedName )

objectclass ( symasExOC:1 NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA ) objectclass ( symasExOC:2 NAME 'groupMemberA' SUP top AUXILIARY MAY memberOfA ) objectclass ( symasExOC:3 NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB ) objectclass ( symasExOC:4 NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB )

If we add two overlay instances:

overlay memberof memberof-group-oc groupA memberof-member-ad memberA memberof-memberof-ad memberOfA memberof-dn cn=memberOfA

overlay memberof memberof-group-oc groupB memberof-member-ad memberB memberof-memberof-ad memberOfB memberof-dn cn=memberOfB

And start with the data, involving the ocs/attrs from the first instance:

dn: cn=person1,o=example objectclass: person objectclass: groupMemberA cn: person1 sn: person1 memberOfA: cn=groupA,o=example

dn: cn=groupA,o=example objectclass: groupA cn: groupA memberA: cn=person1,o=example

And issue a delete:

dn: cn=groupA,o=example changetype: delete

Internally we see:

bdb_modify_internal: delete memberOfB bdb_modify_internal: 16 modify/delete: memberOfB: no such attribute hdb_modify: modify failed (16) send_ldap_result: conn=0 op=1 p=3 send_ldap_result: err=16 matched="" text="modify/delete: memberOfB: no such attribute" slap_graduate_commit_csn: removing 0x10066cdc0 20090124095138.577730Z#000000#000#000000 conn=0 op=1: memberof_value_modify memberOfB="cn=groupA,o=example" failed err=16 text= send_ldap_response: msgid=2 tag=107 err=0

And cn=person1 has not been cleaned up:

dn: cn=person1,o=example objectClass: person objectClass: groupMemberA cn: person1 sn: person1 memberOfA: cn=groupA,o=example modifiersName: o=example

-- Matthew Backes Symas Corporation mbackes@symas.com