ldap/servers/plugins/memberof/memberof.h | 1 +
ldap/servers/plugins/memberof/memberof_config.c | 9 +++++----
2 files changed, 6 insertions(+), 4 deletions(-)
New commits:
commit b989f1d8442a4679dc1505babc9fc64cdc995793
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Tue Nov 23 14:21:38 2010 -0800
Bug 656515 - Allow Name and Optional UID syntax for grouping attributes
The config validation code in the memberOf plug-in currently requires that the
grouping attribute be defined to use the Distinguished Name syntax. The
uniqueMember attribute is still a common method of grouping users, but this
attribute is defined to use the Name and Optional UID syntax. This syntax
contains a DN plus an optional hex-valued UID that can be appended to the end.
We should allow attribute defined to use the Name and Optional UID syntax to be
used as memberOf grouping attributes. We will not support one actually using
the optional UID portion in the value, but this is extremely rare in practice.
diff --git a/ldap/servers/plugins/memberof/memberof.h
b/ldap/servers/plugins/memberof/memberof.h
index 10c1f1f..3e41ef6 100644
--- a/ldap/servers/plugins/memberof/memberof.h
+++ b/ldap/servers/plugins/memberof/memberof.h
@@ -65,6 +65,7 @@
#define MEMBEROF_GROUP_ATTR "memberOfGroupAttr"
#define MEMBEROF_ATTR "memberOfAttr"
#define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
+#define NAME_OPT_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34"
/*
diff --git a/ldap/servers/plugins/memberof/memberof_config.c
b/ldap/servers/plugins/memberof/memberof_config.c
index fe645f1..1a258d3 100644
--- a/ldap/servers/plugins/memberof/memberof_config.c
+++ b/ldap/servers/plugins/memberof/memberof_config.c
@@ -187,9 +187,10 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
Slapi_Entr
test_attr = slapi_attr_new();
slapi_attr_init(test_attr, slapi_value_get_string(value));
- /* Get the syntax OID and see if it's the Distinguished Name syntax. */
+ /* Get the syntax OID and see if it's the Distinguished Name or
+ * Name and Optional UID syntax. */
slapi_attr_get_syntax_oid_copy(test_attr, &syntaxoid );
- not_dn_syntax = strcmp(syntaxoid, DN_SYNTAX_OID);
+ not_dn_syntax = strcmp(syntaxoid, DN_SYNTAX_OID) & strcmp(syntaxoid,
NAME_OPT_UID_SYNTAX_OID);
slapi_ch_free_string(&syntaxoid);
/* Print an error if the current attribute is not using the Distinguished
@@ -198,8 +199,8 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
Slapi_Entr
{
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"The %s configuration attribute must be set to "
- "an attribute defined to use the Distinguished "
- "Name syntax. (illegal value: %s)",
+ "an attribute defined to use either the Distinguished "
+ "Name or Name and Optional UID syntax. (illegal value: %s)",
slapi_value_get_string(value), MEMBEROF_GROUP_ATTR);
}
else
Show replies by thread