Add the admin DN as a dummy member instead of the group DN (when using rfc2307bis)
When using rfc2307bis, group objects cannot have an empty set of member, so FD adds the dn of the group itself as a dummy member as long as the group doesn't have a real member. There's a problem with this for some version of OpenLDAP (at least 2.4.23) and the memberOf overlay: it creates a recursive loop which just hang slapd. See the following links for more info on the issue:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6670
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618904
The problem has been fixed upstream in OpenLDAP, but the fix hasn't been backported to some distro, including EL6. To workarround the issue, I've made the attached patch which add the admin DN as a dummy member instead of the group DN.
Not sure if it worth to include this fix, but for me it makes more sense to add the admin DN as a member, and it makes my memberOf overlay happy. Anyway, even if you close as rejected, the patch will be available for those who want it ;-)
(from redmine: issue id 2635, created on 2013-08-17, closed on 2013-08-28)
- Changesets:
- Revision 565e6594 by Benoit MORTIER on 2013-08-28T07:15:03.000Z:
Fixes: #2635 Add the admin DN as a dummy member instead of the group DN (when using rfc2307bis)
- Custom Fields:
- Bug in version: 1.0.6
- Uploads: