To reproduce it
1. Create nested static groups under ou=groups,dc=myldap,dc=example,dc=com, and 4 users under ou=Persons,dc=myldap,dc=example,dc=com
dn: ou=groups,dc=myldap,dc=example,dc=com dn: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com uniqueMember: cn=group_level1_b,ou=groups,dc=myldap,dc=example,dc=com uniqueMember: cn=group_level1_a,ou=groups,dc=myldap,dc=example,dc=com dn: cn=group_level1_a,ou=groups,dc=myldap,dc=example,dc=com uniqueMember: uid=user1,ou=Persons,dc=myldap,dc=example,dc=com uniqueMember: uid=user2,ou=Persons,dc=myldap,dc=example,dc=com dn: cn=group_level1_b,ou=groups,dc=myldap,dc=example,dc=com uniqueMember: cn=group_level1_b_level2_c,ou=groups,dc=myldap,dc=example,dc=com uniqueMember: cn=group_level1_b_level2_d,ou=groups,dc=myldap,dc=example,dc=com dn: cn=group_level1_b_level2_d,ou=groups,dc=myldap,dc=example,dc=com uniqueMember: uid=user4,ou=Persons,dc=myldap,dc=example,dc=com dn: cn=group_level1_b_level2_c,ou=groups,dc=myldap,dc=example,dc=com uniqueMember: uid=user3,ou=Persons,dc=myldap,dc=example,dc=com
2. Add another 20 dummy users under ou=Persons,dc=myldap,dc=example,dc=com. These users are not members of any of groups above.
3. Set index-entry-limit to a value larger than 24
./dsconfig \
set-backend-prop \
--hostname opendj.example.com \
--port 1444 \
--bindDN "cn=Directory Manager" \
--bindPassword password \
--backend-name userRoot \
--set index-entry-limit:30 \
--no-prompt \
--trustAll
4. ldapsearch (isMemberOf=cn=group_level1) returns 4 entries
$ ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b "ou=Persons,dc=myldap,dc=example,dc=com" "(isMemberOf=cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com)" dn dn: uid=user1,ou=Persons,dc=myldap,dc=example,dc=com dn: uid=user2,ou=Persons,dc=myldap,dc=example,dc=com dn: uid=user3,ou=Persons,dc=myldap,dc=example,dc=com dn: uid=user4,ou=Persons,dc=myldap,dc=example,dc=com
5. Set index-entry-limit to a smaller value
./dsconfig \
set-backend-prop \
--hostname opendj.example.com \
--port 1444 \
--bindDN "cn=Directory Manager" \
--bindPassword password \
--backend-name userRoot \
--set index-entry-limit:10 \
--no-prompt \
--trustAll
6. ldapsearch (isMemberOf=cn=group_level1) returns 2 entries
$ ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b "ou=Persons,dc=myldap,dc=example,dc=com" "(isMemberOf=cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com)" dn dn: uid=user1,ou=Persons,dc=myldap,dc=example,dc=com dn: uid=user2,ou=Persons,dc=myldap,dc=example,dc=com
7. Here are the isMemberOf for the test users
$ ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b "ou=Persons,dc=myldap,dc=example,dc=com" "(uid=user*)" dn isMemberOf dn: uid=user1,ou=Persons,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1_a,ou=groups,dc=myldap,dc=example,dc=com dn: uid=user2,ou=Persons,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1_a,ou=groups,dc=myldap,dc=example,dc=com dn: uid=user3,ou=Persons,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1_b,ou=groups,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1_b_level2_c,ou=groups,dc=myldap,dc=example,dc=com dn: uid=user4,ou=Persons,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1_b,ou=groups,dc=myldap,dc=example,dc=com isMemberOf: cn=group_level1_b_level2_d,ou=groups,dc=myldap,dc=example,dc=com
- is a backport of
-
OPENDJ-6464 IsMemberOfVirtualAttributeProvider does not process subordinate nested groups
-
- Done
-