From 80149d9f1170af98ab8792e8ad99d4ba406496a2 Mon Sep 17 00:00:00 2001 From: Nathan Kinder Date: Fri, 28 Mar 2008 08:56:06 -0700 Subject: Fixed handling of modify operations that delete all present member values without specifying the values to delete in the memberOf plug-in. Member entries were not being updated because the code used the values in the mod to find the member entries to update. The fix is to detect when a delete modify has no values specified and just use the replace code since it compares the pre-op and post-op copies of the group to figure out what member entries to update. 439097 --- ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c b/ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c index c8ad71b36..b8b3b046b 100644 --- a/ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c +++ b/ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c @@ -652,8 +652,19 @@ int ipamo_postop_modify(Slapi_PBlock *pb) case LDAP_MOD_DELETE: { - /* remove group DN from targets */ - ipamo_del_smod_list(pb, dn, smod); + /* If there are no values in the smod, we should + * just do a replace instead. The user is just + * trying to delete all members from this this + * entry, which the replace code deals with. */ + if (slapi_mod_get_num_values(smod) == 0) + { + memberof_replace_list(pb, dn); + } + else + { + /* remove group DN from target values in smod*/ + memberof_del_smod_list(pb, dn, smod); + } break; } -- cgit