#47398 memberOf on a user is converted to lowercase
Closed: Fixed None Opened 6 years ago by gobi.

After upgrading from 389-Directory/1.2.10.12 B2012.180.1623 to 389-Directory/1.2.11.15 B2013.100.2247 we noticed that the memberOf attribute had all characters converted to lowercase.

We run the memberOf-plugin to genereate memberOf.

(This might be a duplicate to Ticket #338, but i file it anyways)


Here is the current status

  • I can reproduce the problem with the following testcase
    {{{
    - stop DS, enable memberof plugin, start DS
    - Create the entries
    dn: uid=t5,dc=com
    uid: t5
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    objectClass: inetuser
    sn: 5
    cn: t 5

dn: cn=BiGCaSeGrp,ou=Groups,dc=com
objectClass: top
objectClass: groupOfNames
cn: BiGCaSeGrp
description: group used to tests memberof with Upper cases
- Update the group
dn: cn=BiGCaSeGrp,ou=Groups,dc=com
changetype: modify
add: member
member: uid=t5,dc=com

    - Search for the entry t5 the groups it is memberof (group has been lowercased)

dn: uid=t5,dc=com
memberOf: cn=bigcasegrp,ou=groups,dc=com
uid: t5
givenName: t
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: inetuser
sn: 5
cn: t 5

}}}

  • I think it is valid to normalize the 'member' as it is a generated attribute and stored in the entry before being returned. Now it can be problematic for some applications and will check how it can be fixed

Here are the next steps

  • Look for a fix

Here is the current status

  • This change was introduced on purpose by https://fedorahosted.org/389/ticket/412 (in 1.2.11.12).
    The reason was to reduce the number of call of DN normalization in order to improve performance of memberof plugin.

  • I think that this attribute being generated/stored by the server itself, the ldapclient should not make any assumption whether it will be normalized or not when it is returned

Here are the next steps

  • will check if it exists some workaround

Here is the current status

  • I made a fix that stores the actual group DN rather than the normalized group DN. Unit tests and acceptance are ok

Here are the next steps

  • Evaluate the impact of the fix regarding optimization 412.
    On a same test case I will count the number of normalization (slapi_dn_normalized_ext) with and without the fix

Here is the current status

  • I was not able to measure a performance hit with/without the fix
    This is not a surprise has like stated with ticket412 it is difficult to measure a throughput/response time
    impact due to the number dn normalization

  • I measure an increase of 1% of the number of call of slapi_dn_normalization.
    test case was: add 1000 entries, set those 1000 entries as member of a group, search 'memberof' on those entries, remove those 1000 entries from the group, search 'memberof on those entries.

Here are the next steps

  • Try to isolate what part of the test case triggers the additional calls

Reason of the additional calls to slapi_dn_normalized: When adding a member entry to a groupA, memberof plugins computes the set of groups that the entry is now belonging to. If the groupA is itself member of groupB, the groupB is added to the set and recursively it checks if groupB is member of an other group.

The groups in that set are now not normalized. In order to add a group in that set, it needs first to normalized the groups already in the set (to avoid duplicate).

The fix could be improved so that we have two sets. One normalized (to check addition in the set), the other unnormalized that contains the values that will be added as memberof attribute.

Looks good! Just a terminology issue, but slapi_sdn_get_dn returns a normalized DN (just not case lowered). The difference between the DNs returned from slapi_sdn_get_dn and slapi_sdn_get_ndn is the upper/lower-case only. With your patch, the original upper/lower-case is reserved, but the memberof value to be stored is normalized.

push in master

git merge ticket47398
Updating 76abd73..04b6137
Fast-forward
ldap/servers/plugins/memberof/memberof.c | 40 ++++++++++++++++++++++++----------------
1 file changed, 24 insertions(+), 16 deletions(-)

git push origin master
Counting objects: 13, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.54 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
76abd73..04b6137 master -> master

commit 04b6137
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Tue Oct 8 10:29:42 2013 +0200

Metadata Update from @tbordaz:
- Issue assigned to tbordaz
- Issue set to the milestone: 1.3.3 - 10/13 (October)

3 years ago

Login to comment on this ticket.

Metadata