Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-1586

Nested groups fail to return indirect members with DBs larger than 10 entries

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Testing
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.1, 2.6.0
    • Fix Version/s: 3.0.0, 2.8.0
    • Component/s: core server
    • Labels:
    • Environment:
      operatingSystem: Linux 2.6.32-431.23.3.el6.x86_64 amd64
      javaVendor: Oracle Corporation
      javaVersion: 1.7.0_65

      Issue is not Environment specific.
    • Sprint:
      Sprint 43

      Description

      With the following example group and nested group, an ldap filter of (isMemberOf=cn=test-group...) fails with a large database.

      Example Group and Nested Group:

      dn: cn=test-group,ou=groups,dc=example,dc=com
      objectClass: groupofuniquenames
      objectClass: top
      ou: Groups
      cn: test-group
      uniqueMember: cn=test-nested-group,ou=groups,dc=example,dc=com
      uniqueMember: uid=user.0,ou=people,dc=example,dc=com
      uniqueMember: uid=user.1,ou=people,dc=example,dc=com

      dn: cn=test-nested-group,ou=groups,dc=example,dc=com
      objectClass: groupofuniquenames
      objectClass: top
      ou: Groups
      cn: test-nested-group
      uniqueMember: uid=user.2,ou=people,dc=example,dc=com
      uniqueMember: uid=user.3,ou=people,dc=example,dc=com

      Test Cases:

      GOOD: Small database with 10 entries.

      All members from cn=test-group (dn's) are returned including cn=test-nested-group and its members (uniqueMember).

      ./ldapsearch -D "cn=Directory Manager" -w password --port 5389 --baseDN dc=example,dc=com "(isMemberOf=cn=test-group,ou=groups,dc=example,dc=com)" uniqueMember

      dn: cn=test-nested-group,ou=groups,dc=example,dc=com
      uniqueMember: uid=user.2,ou=people,dc=example,dc=com
      uniqueMember: uid=user.3,ou=people,dc=example,dc=com

      dn: uid=user.0,ou=People,dc=example,dc=com

      dn: uid=user.1,ou=People,dc=example,dc=com

      dn: uid=user.2,ou=People,dc=example,dc=com

      dn: uid=user.3,ou=People,dc=example,dc=com

      BAD: Large database with 10011 entries.

      Only the cn=test-group's dn's, i.e. missing the cn=test-nested-group's member dn's - uid=user.2 & uid=user.3.

      ./ldapsearch -D "cn=Directory Manager" -w password --port 5389 --baseDN dc=example,dc=com "(isMemberOf=cn=test-group,ou=groups,dc=example,dc=com)" uniqueMember

      dn: cn=test-nested-group,ou=groups,dc=example,dc=com
      uniqueMember: uid=user.2,ou=people,dc=example,dc=com
      uniqueMember: uid=user.3,ou=people,dc=example,dc=com

      dn: uid=user.0,ou=People,dc=example,dc=com

      dn: uid=user.1,ou=People,dc=example,dc=com

      The required behavior to return all group and nested group member's as dn's is not fulfilled.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ludo Ludovic Poitou
                Reporter:
                lee.trujillo Lee Trujillo
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: