Full_Name: Robert Henjes
OS: Debian Squeeze
Submission from: (NULL) (22.214.171.124)
while using memberof overlay I recognized the following problem in conjunction
with groupOfNames. If you try to add an empty group of names you have to set at
least one member attribute, since it is mandatory. One could have the idea to
point to the group dn itself. If having the memberof overlay active this leads
to a loop while executing an ldapadd. I assume this happens while the memberof
overlay is triggered. Tried to analyze the slapd debug output, but it stops,
after the addition is completed.
Example LDIF file:
The slapd server seems proceed working, except the add process and the subtree
where the LDIF is gets added. You can not stop the slapd server in a normal way,
you just have to do a "kill -9". After that the LDIF file seems to be added,
I assume, that the memberof overlay representation is inconsistent.
The memberof overlay should be aware of such situations, even if building loops
in dn references is in general not a good idea.
The memberof code in HEAD has been patched to ignore these cases. Possibly we
can add additional code to insert the member/memberOf value as appropriate,
but I haven't done so in this patch.
-- Howard Chu
CTO, Symas Corp.