After upgrading from 389-Directory/1.2.10.12 B2012.180.1623 to 389-Directory/1.2.11.15 B2013.100.2247 we noticed that the memberOf attribute had all characters converted to lowercase.
We run the memberOf-plugin to generate memberOf.
(This might be a duplicate of Ticket #338, but I file it anyways)
Here is the current status
{{{
dn: cn=BiGCaSeGrp,ou=Groups,dc=com
objectClass: top
objectClass: groupOfNames
cn: BiGCaSeGrp
description: group used to tests memberof with Upper cases
}}}
- Update the group
{{{
dn: cn=BiGCaSeGrp,ou=Groups,dc=com
changetype: modify
add: member
member: uid=t5,dc=com
}}}
- Search for the entry t5 the groups it is memberof (group has been lowercased)
{{{
dn: uid=t5,dc=com
memberOf: cn=bigcasegrp,ou=groups,dc=com
uid: t5
givenName: t
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: inetuser
sn: 5
cn: t 5
}}}
Here are the next steps
This change was introduced on purpose by https://fedorahosted.org/389/ticket/412 (in 1.2.11.12). The reason was to reduce the number of calls to DN normalization in order to improve the performance of the memberof plugin.
I think that, this attribute being generated/stored by the server itself, the LDAP client should not make any assumption about whether it will be normalized or not when it is returned.
I was not able to measure a performance hit with/without the fix. This is not a surprise as, like stated with ticket 412, it is difficult to measure a throughput/response time impact due to the number of DN normalizations.
I measured an increase of 1% in the number of calls to slapi_dn_normalization. The test case was: add 1000 entries, set those 1000 entries as member of a group, search 'memberof' on those entries, remove those 1000 entries from the group, search 'memberof' on those entries.
attachment 0001-Ticket-47398-memberOf-on-a-user-is-converted-to-lowe.patch
Reason for the additional calls to slapi_dn_normalized: When adding a member entry to a groupA, the memberof plugin computes the set of groups that the entry now belongs to. If groupA is itself a member of groupB, groupB is added to the set, and recursively it checks whether groupB is a member of another group.
The groups in that set are now not normalized. In order to add a group to that set, it first needs to normalize the groups already in the set (to avoid duplicates).
The fix could be improved so that we have two sets. One normalized (to check addition in the set), the other unnormalized that contains the values that will be added as memberof attribute.
attachment 0002-Ticket-47398-memberOf-on-a-user-is-converted-to-lowe.patch
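The two-set idea from the comment above, as an added sketch that is not the attached patch and not 389-ds-base code: the set keeps case-folded keys only for duplicate detection and keeps the DNs as written for the values stored as memberOf. `dn_fold`, `groupset`, the edge table and the `ParentGrp` group are assumptions made for the illustration; `dn_fold` only folds case and stands in for real DN normalization.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum { MAX_GROUPS = 16, DN_LEN = 128 };
/* Constructed membership edges {member, group}; ParentGrp is hypothetical. */
static const char *edges[][2] = {
    { "uid=t5,dc=com",                  "cn=BiGCaSeGrp,ou=Groups,dc=com" },
    { "cn=bigcasegrp,ou=groups,dc=com", "cn=ParentGrp,ou=Groups,dc=com" },
    { "cn=ParentGrp,ou=Groups,dc=com",  "cn=BIGCASEGRP,ou=Groups,dc=com" }, /* loop */
};

struct groupset {
    char key[MAX_GROUPS][DN_LEN];  /* case-folded DNs, used only to detect duplicates */
    const char *orig[MAX_GROUPS];  /* DNs as written, the values stored as memberOf */
    int n;
};

/* Assumption: simplified stand-in for DN normalization, it only folds case. */
static char *dn_fold(const char *dn, char *out) {
    size_t i = 0;
    for (; dn[i] && i < DN_LEN - 1; i++) out[i] = (char)tolower((unsigned char)dn[i]);
    out[i] = '\0';
    return out;
}

/* Add dn unless its folded form is already in the set; returns 1 if added. */
static int set_add(struct groupset *s, const char *dn) {
    if (s->n == MAX_GROUPS) return 0;
    char *k = dn_fold(dn, s->key[s->n]);          /* fold once, into the next free slot */
    for (int i = 0; i < s->n; i++)
        if (strcmp(s->key[i], k) == 0) return 0;  /* same group, different case */
    s->orig[s->n++] = dn;
    return 1;
}

/* Collect every group the entry belongs to, directly or through nesting. */
static void collect_groups(const char *entry, struct groupset *s) {
    char e[DN_LEN], m[DN_LEN];
    dn_fold(entry, e);
    for (size_t i = 0; i < sizeof edges / sizeof edges[0]; i++)
        if (strcmp(e, dn_fold(edges[i][0], m)) == 0 && set_add(s, edges[i][1]))
            collect_groups(edges[i][1], s);
}

int main(void) {
    struct groupset s = { .n = 0 };
    collect_groups("uid=t5,dc=com", &s);
    for (int i = 0; i < s.n; i++) printf("memberOf: %s\n", s.orig[i]);
    return 0;
}
```

Each stored key is folded exactly once, when its group is added, so an insertion never re-normalizes the groups already in the set.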
Looks good! Just a terminology issue, but slapi_sdn_get_dn returns a normalized DN (just not case lowered). The difference between the DNs returned from slapi_sdn_get_dn and slapi_sdn_get_ndn is the upper/lower-case only. With your patch, the original upper/lower-case is preserved, but the memberof value to be stored is normalized.
push in master
{{{
git merge ticket47398
Updating 76abd73..04b6137
Fast-forward
 ldap/servers/plugins/memberof/memberof.c | 40 ++++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 16 deletions(-)

git push origin master
Counting objects: 13, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.54 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   76abd73..04b6137  master -> master

commit 04b6137
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Tue Oct 8 10:29:42 2013 +0200
}}}
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1044180
Metadata Update from @tbordaz:
- Issue assigned to tbordaz
- Issue set to the milestone: 1.3.3 - 10/13 (October)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/735
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)