Memberof being enabled, let the leaf entry new_account0 being member of G1 and G2.
dn:uid=new_account0,dc=example,dc=com memberOf: cn=cn=group_1_lvl_1,dc=example,dc=com memberOf: cn=cn=group_2_lvl_1,dc=example,dc=com
Then create a new group G3 and update it making G1 and G2 member of G3
dn: cn=cn=group_3_lvl_2,dc=example,dc=com member: cn=cn=group_1_lvl_1,dc=example,dc=com member: cn=cn=group_2_lvl_1,dc=example,dc=com
When computing/setting the membership, memberof plugin will update G1 descendants to reflect they belong to G3 and the same for G2 descendants.
But new_account0 is descendant of both G1 and G2. The problem is that new_account0 will be updated twice.
audit logs show
time: 20160531163918 dn: uid=new_account0,dc=example,dc=com result: 0 changetype: modify replace: memberOf memberOf: cn=cn=group_1_lvl_1,dc=example,dc=com memberOf: cn=cn=group_3_lvl_2,dc=example,dc=com memberOf: cn=cn=group_2_lvl_1,dc=example,dc=com - replace: modifiersname modifiersname: cn=MemberOf Plugin,cn=plugins,cn=config - replace: modifytimestamp modifytimestamp: 20160531143918Z - time: 20160531163918 dn: cn=cn=group_1_lvl_1,dc=example,dc=com result: 0 changetype: modify replace: memberOf memberOf: cn=cn=group_3_lvl_2,dc=example,dc=com - replace: modifiersname modifiersname: cn=MemberOf Plugin,cn=plugins,cn=config - replace: modifytimestamp modifytimestamp: 20160531143918Z - time: 20160531163918 dn: uid=new_account0,dc=example,dc=com result: 0 changetype: modify replace: memberOf memberOf: cn=cn=group_1_lvl_1,dc=example,dc=com memberOf: cn=cn=group_3_lvl_2,dc=example,dc=com memberOf: cn=cn=group_2_lvl_1,dc=example,dc=com - replace: modifiersname modifiersname: cn=MemberOf Plugin,cn=plugins,cn=config - replace: modifytimestamp modifytimestamp: 20160531143918Z - time: 20160531163918 dn: cn=cn=group_2_lvl_1,dc=example,dc=com result: 0 changetype: modify replace: memberOf memberOf: cn=cn=group_3_lvl_2,dc=example,dc=com - replace: modifiersname modifiersname: cn=MemberOf Plugin,cn=plugins,cn=config - replace: modifytimestamp modifytimestamp: 20160531143918Z - time: 20160531163918 dn: cn=cn=group_3_lvl_2,dc=example,dc=com result: 0 changetype: modify replace: member member: cn=cn=group_1_lvl_1,dc=example,dc=com member: cn=cn=group_2_lvl_1,dc=example,dc=com - replace: modifiersname modifiersname: cn=directory manager - replace: modifytimestamp modifytimestamp: 20160531143918Z -
Membership computation (and update) for new_account0 should be skipped if it has already been computed/updated.
attachment ticket48861_test.py
Input from Thierry.
Will use a workaround in 1.3.5, so can wait for 1.3.6.
attachment 0001-Ticket-48861-Memberof-plugins-can-update-several-tim.patch
With the above patch, the provisioning (https://github.com/freeipa/freeipa-tools/blob/master/create-test-data.py) duration is divided by 2.
@tbordaz, isn't this kind of solved by the algo in #48856?
@william, I am not sure it address this specific bug. see https://fedorahosted.org/389/ticket/48856#comment:7
attachment 0002-Ticket-48861-Memberof-plugins-can-update-several-tim.patch
attachment 0002-Ticket-48861-memberof-plugin-tests-suite.patch
In the hashtable patch, can you please avoid:
{{{ if (cond) code }}}
Please always use:
{{{ if (cond) { code } }}}
I would rather us be explicit, and correct, rather than anything.
As well, the use of ternaries is confusing, I would rather see long form if statements here.
Otherwise, I think the C code looks okay.
line 129 of the patch, you need a break between the end of the last function and test_memberof_setloging
Otherwise the test looks really thorough. Great work!
attachment 0003-Ticket-48861-Memberof-plugins-can-update-several-tim.patch
attachment 0003-Ticket-48861-memberof-plugin-tests-suite.patch
Awesome work mate, this will help a lot :)
Thanks William for all your help/discussion
'''Master'''
DS server push
Counting objects: 7, done. Delta compression using up to 8 threads. Compressing objects: 100% (7/7), done. Writing objects: 100% (7/7), 2.43 KiB | 0 bytes/s, done. Total 7 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 848bd6b..2ce0a6b master -> master
commit 2ce0a6b Author: Thierry Bordaz tbordaz@redhat.com Date: Fri Dec 2 18:38:05 2016 +0100
Test suite push
Counting objects: 7, done. Delta compression using up to 8 threads. Compressing objects: 100% (7/7), done. Writing objects: 100% (7/7), 7.91 KiB | 0 bytes/s, done. Total 7 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 2ce0a6b..dc7bde8 master -> master
commit dc7bde8 Author: Thierry Bordaz tbordaz@redhat.com Date: Sun Dec 4 18:00:04 2016 +0100
Metadata Update from @tbordaz: - Issue assigned to tbordaz - Issue set to the milestone: 1.3.6.0
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1921
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.