directory-server icon indicating copy to clipboard operation
directory-server copied to clipboard
verified publisher icon apache

DIRSERVER-1844 adding automatic memberOf attributes

Open DaanHoogland opened this issue 6 years ago • 7 comments

not sure what the WIP and PoC procedures in this project are. I think the discussion on this on the mail list and in the jira ticket is about to conclude but not quite yet. this to get familiar with the code and see if i am in the right direction/ask question. please review if you will.

DaanHoogland avatar Sep 04 '19 09:09 DaanHoogland

@elecharny can you give a pointer for testing this?

DaanHoogland avatar Sep 04 '19 15:09 DaanHoogland

Looks like my best try is going to be SimpleBindIT as a template. will give it a go.

DaanHoogland avatar Sep 06 '19 09:09 DaanHoogland

Hi Daan,

sorry for the delay, was just under the water those last days...

I'm integrating your code and reviewing it.

elecharny avatar Sep 16 '19 22:09 elecharny

Hi @elecharny thanks. I think it is far from done. I left some todo like comments and doe not know if this is easily testable in a short development cycle. please if you feel like give some more guidance.

DaanHoogland avatar Sep 18 '19 12:09 DaanHoogland

Hello all,

I need this functionality too, so I've had a look yesterday. I've managed to advance quite a bit but I got stuck, so I'd like to ask for some input. Attached below is my current code (I can clean it up and do a proper PR once it works).

TL;DR: how do you use an ExprNode in an EntryFilter?

What currently works:

  • lookup works and adds the memberOf attributes
  • search also adds the memberOf attributes

What doesn't:

  • search can't search on memberOf (necessary for most use cases)

My approach in search is that I first remove any part of the filter ExprNode that checks memberOf (otherwise it returns empty since the attribute isn't set on entries):

        ExprNode filter = searchContext.getFilter() ;
        ExprNode newfilter = (ExprNode) filter.clone().accept(new RemoveMemberOfFilterVisitor()) ;
        if(newfilter == null)
            newfilter = ObjectClassNode.OBJECT_CLASS_NODE ;
        searchContext.setFilter(newfilter);

Then I call next, and on the resulting cursor I add a filter that adds the memberOf attributes.

Finally, I should apply the original ExprNode filter on the modified entry that now has memberOf. But I can't for the life of me figure out how to do that.

Any help would be most welcome :-)

Thanks, Arthur

MemberOfInterceptor.txt

alesuiss avatar Oct 02 '19 10:10 alesuiss

thanks for stepping up @alesuiss,

I have a question on your approach; intuitively I'd say with a member of filter, you would start at the group for which membership is required and then go through the rest of the filters on the resulting members, after adding the automating attribute. Why do you keep it for last? Part of a reason i could give myself: you don't know if the memberof filter contains somekind of indirection as well. I just curious of how these things are handled in ldap and what your thinking is.

BTW feel free to use my commits (under apache 2 license) or create PR to my branch and we can join forces.

DaanHoogland avatar Oct 02 '19 12:10 DaanHoogland

AFAIK all I can do is 1) act on the query string and 2) act on the result cursor to filter. But I'm totally new to this codebase, and maybe my approach is not the right/best one.

But I'm pretty sure it would work :-) if only I could figure out how to use that damn ExprNode

alesuiss avatar Oct 02 '19 12:10 alesuiss