ldap/admin/src/scripts/fixup-memberof.pl.in | 4 ++--
ldap/servers/plugins/memberof/memberof.c | 2 +-
man/man8/fixup-memberof.pl.8 | 3 ++-
3 files changed, 5 insertions(+), 4 deletions(-)
New commits:
commit de61f34aea3ffe197a173bfa6ef7a34137d6e36c
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue Apr 9 09:59:20 2013 -0400
Ticket 47315 - filter option in fixup-memberof requires more clarification
Bug Description: The usgae/documentaton states that if you don't supply a
filter,
then "all" the entries will be checked. Actually only
users that
have "objectclass: inetuser" are checked.
Fix Description: Added another objectclass to the default query, inetadmin.
inetuser & inetadmin are the only standard objectclasses that
have
memberOf in thier definitions. Also updated the man page, and the
script usage to state what the internal query/filter is.
https://fedorahosted.org/389/ticket/47315
Reviewed by: richm(Thanks!)
diff --git a/ldap/admin/src/scripts/fixup-memberof.pl.in
b/ldap/admin/src/scripts/fixup-memberof.pl.in
index 43c24d2..a495249 100644
--- a/ldap/admin/src/scripts/fixup-memberof.pl.in
+++ b/ldap/admin/src/scripts/fixup-memberof.pl.in
@@ -61,8 +61,8 @@ sub usage {
print(STDERR " -j filename - Read Directory Manager's password from
file\n");
print(STDERR " -b baseDN - Base DN that contains entries to fix
up.\n");
print(STDERR " -f filter - Filter for entries to fix up\n");
- print(STDERR " If omitted, all entries under the
specified\n");
- print(STDERR " base will have their memberOf attribute
regenerated.\n");
+ print(STDERR " If omitted, all entries with objectclass
inetuser/inetadmin under the\n");
+ print(STDERR " specified base will have their memberOf
attribute regenerated.\n");
print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses
most secure protocol available)\n");
print(STDERR " -v - Verbose output\n");
print(STDERR " -h - Display usage\n");
diff --git a/ldap/servers/plugins/memberof/memberof.c
b/ldap/servers/plugins/memberof/memberof.c
index 8fcc88c..1c50b67 100644
--- a/ldap/servers/plugins/memberof/memberof.c
+++ b/ldap/servers/plugins/memberof/memberof.c
@@ -2393,7 +2393,7 @@ int memberof_task_add(Slapi_PBlock *pb, Slapi_Entry *e,
goto out;
}
- if ((filter = fetch_attr(e, "filter", "(objectclass=inetuser)")) ==
NULL)
+ if ((filter = fetch_attr(e, "filter",
"(|(objectclass=inetuser)(objectclass=inetadmin))")) == NULL)
{
*returncode = LDAP_OBJECT_CLASS_VIOLATION;
rv = SLAPI_DSE_CALLBACK_ERROR;
diff --git a/man/man8/fixup-memberof.pl.8 b/man/man8/fixup-memberof.pl.8
index 250997d..7716a58 100644
--- a/man/man8/fixup-memberof.pl.8
+++ b/man/man8/fixup-memberof.pl.8
@@ -46,7 +46,8 @@ The name of the file that contains the root DN password.
The DN of the subtree containing the entries to update.
.TP
.B \fB\-f\fR \fIfilter\fR
-An LDAP query filter to use to select the entries within the subtree to update. If there
is no filter set, then the memberOf attribute is regenerated for every entry in the
subtree.
+An LDAP query filter to use to select the entries within the subtree to update. If there
is no filter set, then
+the memberOf attribute is regenerated for every entry in the subtree that has the
objectclass inetuser/inetadmin.
.TP
.B \fB\-P\fR \fIprotocol\fR
The connection protocol to connect to the Directory Server. Protocols are STARTTLS,
LDAPS, LDAPI, and LDAP.