Fixed handling of modify operations that delete all present member

values without specifying the values to delete in the memberOf plug-in. Member entries were not being updated because the code used the values in the mod to find the member entries to update. The fix is to detect when a delete modify has no values specified and just use the replace code since it compares the pre-op and post-op copies of the group to figure out what member entries to update. 439097
2025-01-19 20:52:57 -06:00 · 2008-03-28 08:56:06 -07:00 · 2008-03-28 08:56:06 -07:00 · 80149d9f11
commit 80149d9f11
parent 767acbee06
1 changed files with 13 additions and 2 deletions
--- a/ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c
+++ b/ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c
@ -652,8 +652,19 @@ int ipamo_postop_modify(Slapi_PBlock *pb)
 				
 				case LDAP_MOD_DELETE:
 					{
-						/* remove group DN from targets */
-						ipamo_del_smod_list(pb, dn, smod);
+						/* If there are no values in the smod, we should
+						 * just do a replace instead.  The  user is just
+						 * trying to delete all members from this this
+						 * entry, which the replace code deals with. */
+						if (slapi_mod_get_num_values(smod) == 0)
+						{
+							memberof_replace_list(pb, dn);
+						}
+						else
+						{
+							/* remove group DN from target values in smod*/
+							memberof_del_smod_list(pb, dn, smod);
+						}
 						break;
 					}