On Mon, Jan 8, 2018 at 11:34 PM, Craig Russell <apache....@gmail.com> wrote:
>
>> On Jan 8, 2018, at 7:32 PM, Sam Ruby <ru...@intertwingly.net> wrote:
>>
>> On Mon, Jan 8, 2018 at 7:07 PM, Craig Russell <apache....@gmail.com> wrote:
>>> /Users/clr/apache/git/whimsy/lib/whimsy/asf/ldap.rb:260:in `modify': Object
>>> class violation (LDAP::ResultError)
>>>
>>> And error reporting is not great. I guess more checking is needed but
>>> Object class violation is not very informative.
>>
>> Oh, and AGREED!
>>
>> LDAP sucks. You want to add zero members: Object class violation.
>> You want to add somebody who is already a member: Object class
>> violation. You want to remove somebody who is not a member: Object
>> class violation.
>>
>> That's why the action that caused the error is logged. In this case:
>>
>> LDAP_MOD_DELETE
>> {"member"=>[]}>
>> cn=pmc-chairs,ou=groups,ou=services,dc=apache,dc=org
>>
>> Here you are deleting nobody. That apparently is not allowed.
>
> Seems like there is some error checking that could be done in the ldap.rb
> code.
>
> Here is the remove code from lib/whimsy/asf/ldap.rb :
>
> # remove people from this service in LDAP
> def remove(people)
> @members = nil
> people = (Array(people) & members).map(&:dn)
> ASF::LDAP.modify(self.dn, [ASF::Base.mod_delete('member', people)])
> ensure
> @members = nil
> end
>
> Who wrote this code?
That would be me.
> Would it be possible for this code to check before calling ASF::LDAP.modify
> that the member actually exists already?
The line above it takes the intersection between the list of people
passed to remove and the current set of members. So if a person who
is not a member of the service is passed in, they will be silently
removed from the set.
I'm not sure how to refactor it, but there are add and remove methods
for a number of LDAP objects: Committee, Project, etc.
- Sam Ruby
> Craig
>
>> - Sam Ruby
>>
>> - Sam Ruby
>
> Craig L Russell
> Secretary, Apache Software Foundation
> c...@apache.org http://db.apache.org/jdo
>
