Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6469

Backport OPENDJ-6464: IsMemberOfVirtualAttributeProvider does not process subordinate nested groups

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0, 3.5.3
    • Fix Version/s: 5.5.3
    • Component/s: None
    • Labels:
    • Story Points:
      1

      Description

      To reproduce it

      1. Create nested static groups under ou=groups,dc=myldap,dc=example,dc=com, and 4 users under ou=Persons,dc=myldap,dc=example,dc=com

      dn: ou=groups,dc=myldap,dc=example,dc=com
      dn: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com
      uniqueMember: cn=group_level1_b,ou=groups,dc=myldap,dc=example,dc=com
      uniqueMember: cn=group_level1_a,ou=groups,dc=myldap,dc=example,dc=com
      dn: cn=group_level1_a,ou=groups,dc=myldap,dc=example,dc=com
      uniqueMember: uid=user1,ou=Persons,dc=myldap,dc=example,dc=com
      uniqueMember: uid=user2,ou=Persons,dc=myldap,dc=example,dc=com
      dn: cn=group_level1_b,ou=groups,dc=myldap,dc=example,dc=com
      uniqueMember: cn=group_level1_b_level2_c,ou=groups,dc=myldap,dc=example,dc=com
      uniqueMember: cn=group_level1_b_level2_d,ou=groups,dc=myldap,dc=example,dc=com
      dn: cn=group_level1_b_level2_d,ou=groups,dc=myldap,dc=example,dc=com
      uniqueMember: uid=user4,ou=Persons,dc=myldap,dc=example,dc=com
      dn: cn=group_level1_b_level2_c,ou=groups,dc=myldap,dc=example,dc=com
      uniqueMember: uid=user3,ou=Persons,dc=myldap,dc=example,dc=com
      

      2. Add another 20 dummy users under ou=Persons,dc=myldap,dc=example,dc=com. These users are not members of any of groups above.

      3. Set index-entry-limit to a value larger than 24

      ./dsconfig \
       set-backend-prop \
       --hostname opendj.example.com \
       --port 1444 \
       --bindDN "cn=Directory Manager" \
       --bindPassword password \
       --backend-name userRoot \
       --set index-entry-limit:30 \
       --no-prompt \
       --trustAll
      

      4. ldapsearch (isMemberOf=cn=group_level1) returns 4 entries

      $ ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b "ou=Persons,dc=myldap,dc=example,dc=com" "(isMemberOf=cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com)" dn
      dn: uid=user1,ou=Persons,dc=myldap,dc=example,dc=com
      
      dn: uid=user2,ou=Persons,dc=myldap,dc=example,dc=com
      
      dn: uid=user3,ou=Persons,dc=myldap,dc=example,dc=com
      
      dn: uid=user4,ou=Persons,dc=myldap,dc=example,dc=com
      

      5. Set index-entry-limit to a smaller value

      ./dsconfig \
       set-backend-prop \
       --hostname opendj.example.com \
       --port 1444 \
       --bindDN "cn=Directory Manager" \
       --bindPassword password \
       --backend-name userRoot \
       --set index-entry-limit:10 \
       --no-prompt \
       --trustAll
      

      6. ldapsearch (isMemberOf=cn=group_level1) returns 2 entries

      $ ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b "ou=Persons,dc=myldap,dc=example,dc=com" "(isMemberOf=cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com)" dn
      dn: uid=user1,ou=Persons,dc=myldap,dc=example,dc=com
      
      dn: uid=user2,ou=Persons,dc=myldap,dc=example,dc=com
      

      7. Here are the isMemberOf for the test users

      $ ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b "ou=Persons,dc=myldap,dc=example,dc=com" "(uid=user*)" dn isMemberOf
      dn: uid=user1,ou=Persons,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1_a,ou=groups,dc=myldap,dc=example,dc=com
      
      dn: uid=user2,ou=Persons,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1_a,ou=groups,dc=myldap,dc=example,dc=com
      
      dn: uid=user3,ou=Persons,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1_b,ou=groups,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1_b_level2_c,ou=groups,dc=myldap,dc=example,dc=com
      
      dn: uid=user4,ou=Persons,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1,ou=groups,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1_b,ou=groups,dc=myldap,dc=example,dc=com
      isMemberOf: cn=group_level1_b_level2_d,ou=groups,dc=myldap,dc=example,dc=com
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                cjr Chris Ridd
                Reporter:
                cjr Chris Ridd
                QA Assignee:
                Michal Severin
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: