From bc659074ee5345e287ed8d872d9e128664172d60 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Thu, 11 Nov 2021 23:17:05 +0000 Subject: [PATCH] ITS#9747 dynlist: fix Compare for static groups Fallback to static check if static groups are configured and dynamic group check returns false. --- servers/slapd/overlays/dynlist.c | 7 +++++ tests/data/dynlist.out | 4 +++ tests/scripts/test044-dynlist | 54 ++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+) diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c index 9b63d459e4..edfbf7c7c4 100644 --- a/servers/slapd/overlays/dynlist.c +++ b/servers/slapd/overlays/dynlist.c @@ -887,6 +887,13 @@ dynlist_compare( Operation *op, SlapReply *rs ) * the assertion is FALSE rather than * UNDEFINED */ rs->sr_err = LDAP_COMPARE_FALSE; + + /* If also using static groups, fallback to + * vanilla compare + */ + if ( dlm->dlm_static_oc ) + return SLAP_CB_CONTINUE; + break; } diff --git a/tests/data/dynlist.out b/tests/data/dynlist.out index a5374c366b..45dc1ff735 100644 --- a/tests/data/dynlist.out +++ b/tests/data/dynlist.out @@ -386,6 +386,10 @@ memberOf: cn=all staff,ou=groups,dc=example,dc=com memberOf: cn=alumni assoc staff,ou=groups,dc=example,dc=com memberOf: cn=dynamic list of members,ou=dynamic lists,dc=example,dc=com +TRUE + +FALSE + # Testing nested dynamic group functionality... dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com objectClass: groupOfURLs diff --git a/tests/scripts/test044-dynlist b/tests/scripts/test044-dynlist index 689bb61d7e..71b1271603 100755 --- a/tests/scripts/test044-dynlist +++ b/tests/scripts/test044-dynlist @@ -808,6 +808,60 @@ if test $RC != 0 ; then exit $RC fi +echo "Testing static group member compare..." +echo "# Testing static group member compare..." >> $SEARCHOUT +$LDAPCOMPARE -H $URI1 \ + "cn=all staff,ou=groups,$BASEDN" "member:cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN" >> $SEARCHOUT +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +6) + echo "ldapcompare returned TRUE ($RC)" + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +echo "Testing static group non-member compare (should return FALSE)..." +echo "# Testing static group non-member compare (should return FALSE)..." >> $SEARCHOUT +$LDAPCOMPARE -H $URI1 \ + "cn=all staff,ou=groups,$BASEDN" "member:cn=Not A User,ou=Alumni Association,ou=People,$BASEDN" >> $SEARCHOUT +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)" + ;; +6) + echo "ldapcompare returned TRUE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + echo "Reconfiguring slapd..." $LDAPMODIFY -x -D cn=config -H $URI1 -y $CONFIGPWF > \ $TESTOUT 2>&1 << EOMODS