Hi
I'm using refint and memberof overlays.
Refint overlay don't works as expected - it don't modifying one entry: uid=admin,ou=Users,dc=domain.local (which is a member of cn=webers,ou=Groups,dc=domain.local - see dump.ldif attachment).
Changing the memberof-dangling option in the memberof overlay don't help.
If I turn off the memberof overlay or move this entry to the end of dump.ldif file (after cn=webers,ou=Groups,dc=domain.local) then the refint overlay works as needed.
Can somebody retest it or say where I'm wrong?
Steps to reproduce:
1) stop slapd
2) copy the files (slapd.conf, bsl.schema, dump.ldif) from the attachment to the apropriate places. Correct the pathes (include, directory) in slapd.conf file.
3) rm -rf /path/to/openldap-data/*
4) slapadd -l dump.ldif
5) chown -R ldapd:ldapd openldap-data (use your own ldap user)
6) start slapd
7) test #1: $ ldapsearch -LLL -D cn=manager -w 1 -b "" '(cn=webers)' member dn: cn=webers,ou=Groups,dc=domain.local member: uid=admin,ou=Users,dc=domain.local member: uid=u1,ou=Users,dc=domain.local
$ ldapsearch -LLL -D cn=manager -w 1 -b "" '(uid=*)' memberOf dn: uid=admin,ou=Users,dc=domain.local memberOf: cn=webers,ou=Groups,dc=domain.local
dn: uid=u1,ou=Users,dc=domain.local memberOf: cn=webers,ou=Groups,dc=domain.local
All OK.
8) now rename dc=domain.local: $ ldapmodrdn -r -D cn=manager -w 1 dc=domain.local dc=example.org -v ldap_initialize( <DEFAULT> ) Renaming "dc=domain.local" new rdn="dc=example.org" (delete old rdn) Rename Result: Success (0)
9) check #2: $ ldapsearch -LLL -D cn=manager -w 1 -b "" '(cn=webers)' member dn: cn=webers,ou=Groups,dc=example.org member: uid=admin,ou=Users,dc=example.org member: uid=u1,ou=Users,dc=example.org
$ ldapsearch -LLL -D cn=manager -w 1 -b "" '(uid=*)' memberOf modifiersName dn: uid=admin,ou=Users,dc=example.org memberOf: cn=webers,ou=Groups,dc=domain.local memberOf: cn=webers,ou=Groups,dc=example.org modifiersName: cn=Manager
dn: uid=u1,ou=Users,dc=example.org memberOf: cn=webers,ou=Groups,dc=example.org modifiersName: cn=Referential Integrity Overlay
Error: refint overlay didn't change the uid=admin entry.
-- Regards, Sergei Butakov
Forgot to add: it was tested with BerkeleyDB-4.7.25.4 and openldap-2.4.21 (and openldap-2.4.19).
-- Regards, Sergei Butakov
openldap-technical@openldap.org
-
Sergei Butakov