Hi,

I'm working on writing a custom authorization app on top of OpenLDAP. I am currently using OpenLDAP version 2.4.26, and using the C API to interact with it. I am trying to use the memberof overlay with memberof-dangling set to error and memberof-refint set to true. I noticed a weird issue which happens here.

Steps:
1. I add a group with one/zero members who are present in the system.
2. I update the group with one or more non-existent users using ldap_modify_ext with mod_op as LDAP_MOD_REPLACE.

In this case, ldap throws up the error 'send_ldap_result: err=19 matched="" text="adding non-existing object as group member" ', but still goes ahead and adds the non-existing member to the group even though the operation should fail.

Note that in the "memberof-dangling drop" case the non-existent users are not added, though no error is thrown. This seems to be working as expected. Also, doing ldap_modify_ext with LDAP_MOD_ADD works as expected too, where the same error is thrown but users are not added.

Am I missing something?

My slapd.conf has the following relevant configurations:

overlay memberof
memberof-group-oc customGroup
memberof-dangling error
memberof-refint true

Thanks,
Vikram

[Reposting as I do not see my first attempt in the archives]
