Closed floppy-engineer closed 2 years ago
Found a bug. The sync fails in a case using openldap with type=groupofnames AND a group contains objects without "user attribute" like uid (like a nesting group).
Partial config:
```
[ldap]
type=openldap
[openldap]
type=groupofnames
...
```
Example of a group that causes failure:
```
ldap_initialize( ldap://ipa.example.com:389/??base )
filter: (&(objectClass=ipausergroup)(cn=group1))
requesting: member
# extended LDIF
#
# LDAPv3
# base <cn=accounts,dc=example,dc=com> with scope subtree
# filter: (&(objectClass=ipausergroup)(cn=group1))
# requesting: member
#

# group1, groups, accounts, example.com
dn: cn=group1,cn=groups,cn=accounts,dc=example,dc=com
member: cn=group2,cn=groups,cn=accounts,dc=example,dc=com
member: uid=user1,cn=users,cn=accounts,dc=example,dc=com
member: uid=user2,cn=users,cn=accounts,dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```
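An added example, not part of the original report and not the project's own code: one way to separate user members from nested groups before syncing, so that a member DN without the user attribute is set aside instead of failing the run. The function names, the `uid` default and the assumption that the username is the value of the member DN's first RDN are all hypothetical.

```python
USER_ATTRIBUTE = "uid"  # assumed user attribute, as named in the report

# Constructed from the member values in the ldapsearch output above.
MEMBERS = [
    "cn=group2,cn=groups,cn=accounts,dc=example,dc=com",
    "uid=user1,cn=users,cn=accounts,dc=example,dc=com",
    "uid=user2,cn=users,cn=accounts,dc=example,dc=com",
]

def first_rdn(dn):
    """Return (attribute, value) of the leftmost RDN of a DN.

    Backslash-escaped characters (e.g. "\\,") are kept as part of the value.
    For a multi-valued RDN ("a=1+b=2") only the first pair is examined.
    """
    buf, i = [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch in ",+":               # unescaped separator ends the first pair
            break
        buf.append(ch)
        i += 1
    attr, sep, value = "".join(buf).partition("=")
    if not sep or not attr.strip() or not value:
        raise ValueError(f"malformed DN: {dn!r}")
    return attr.strip().lower(), value.strip()

def split_members(members, user_attribute=USER_ATTRIBUTE):
    """Split member DNs into (usernames, skipped DNs).

    Skipped entries are nested groups or malformed values; they are returned
    so the caller can log or expand them rather than abort the whole sync.
    """
    users, skipped = [], []
    for dn in members:
        try:
            attr, value = first_rdn(dn)
        except ValueError:
            skipped.append(dn)
            continue
        if attr == user_attribute.lower():
            users.append(value)
        else:
            skipped.append(dn)
    return users, skipped
```

Logging the skipped DNs keeps nested groups visible to whoever reviews the sync, since their members receive no access until the nesting is expanded or flattened in the directory.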