On Wed, Oct 03, 2018 at 08:25:44PM +0000, [email protected] wrote: > In a situation where a dynamic group has been created and a compare operation > is > run with a DN that doesn't exist but is within the scope of the dynamic group > URI, the ldapcompare operation will incorrectly return an error 80 instead of > error 5 (compare FALSE). > > For example, if I have: > > dn: cn=planning,ou=Groups,dc=example,dc=com > objectClass: groupOfURLs > cn: planning > memberURL: ldap:///ou=planning,dc=example,dc=com??sub?(objectClass=inetorgpers > on) > > and I do an ldapcompare with: > > ldapcompare -x -H ldap://anvil2.rb.symas.net -D dc=example,dc=com -w secret > cn=planning,ou=Groups,dc=example,dc=com "member:cn=Ramakant > Wolow,ou=Planning,dc=example,dc=com" > > (i.e., this entry doesn't exist in the DB), I get: > > Compare Result: Other (e.g., implementation specific) error (80) > UNDEFINED > > This appears to be due to the fact that in this scenario, slapd attempts to > find > the DN in the underlying DB and it doesn't exist, so an err=32 is returned > back. > This is incorrectly interpreted as an unknown error, thus the err=80 result. > Instead it should be treated as "not a member of the group".
I thought that exact scenario was being tested here? And that one passes. https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=tests/scripts/test044-dynlist;h=86885cd1150f765d4e42695947fcb6f63965a073;hb=refs/heads/master#l471 -- OndÅej KuznÃk Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
