#47829 memberof scope: allow to exclude subtrees
Closed: wontfix None Opened 10 years ago by tbordaz.

Memberof allows to scope a specific part of the subtree (memberOfEntryScope)

There is no way to exclude subtrees that are under 'memberOfEntryScope'
For example if we want to scope all entries under SUFFIX but 'cn=provisioning,SUFFIX'

It should introduce a new config attribute: memberOfExcludeSubtree
The new attribut is multivalued, DN syntax

This enhancement is required for ‚Äčhttps://fedorahosted.org/freeipa/ticket/3813, where memberof plugin should scope SUFFIX except 'Stage' and 'Delete' entries (under cn=provisioning,SUFFIX)

The attached fix was tested:

  • F17 automatic TC
  • F19 jenkins TC
  • F20 ipa tests. It was tested without regression with the first patches of https://fedorahosted.org/freeipa/ticket/3813 that configure IPA to scope plugins and exclude provisioning. Also with the fix that exclude provisioning from ipa uuid plugins.

Log line from test looks odd:
except ldap.NO_SUCH_OBJECT:
253 topology.standalone.log.info(" ###!!@@##@ Failure to retrieve %s (47833)")

Otherwise, ack

Thanks Rich for reviewing the fix and the test case.

You are right, the logged message was confusing.
47833 shows several symptoms:
A modrdn succeeds but the operation reports a failure
Then searching the target entry wit a base search fails, although the entry exists
* doing a subtree search allows to do successful base search
The confusing message was logged when hitting the second case. I changed the messages to be more precise.

'''git merge master_47829'''
Updating 98cf424..47e5dcc
dirsrvtests/tickets/ticket47829_test.py | 709 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ldap/servers/plugins/memberof/memberof.c | 23 ++-
ldap/servers/plugins/memberof/memberof.h | 3 +
ldap/servers/plugins/memberof/memberof_config.c | 44 ++++-
4 files changed, 772 insertions(+), 7 deletions(-)
create mode 100644 dirsrvtests/tickets/ticket47829_test.py

'''git push origin master'''
Counting objects: 22, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (12/12), done.
Writing objects: 100% (12/12), 6.67 KiB, done.
Total 12 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
98cf424..47e5dcc master -> master

commit 47e5dcc
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Thu Jun 26 11:57:41 2014 +0200

Related to 47833 & 48012.

Replying to [comment:9 nhosoi]:

Could you please take a look at this comment?

This bug reported in this comment (aka https://fedorahosted.org/389/ticket/48012) has been fixed with the final patches of https://fedorahosted.org/389/ticket/47526

Closing this ticket

Metadata Update from @nhosoi:
- Issue assigned to tbordaz
- Issue set to the milestone:

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1160

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago

Log in to comment on this ticket.