https://bugzilla.redhat.com/show_bug.cgi?id=557224 I revised the patch based upon the comments from Andrey (Thank you!!). Comment from andrey.ivanov@xxxxxxxxxxxxxxxx: The patch you provided does take into account the modRDN with new superior but it does not seem to take care of subtree renames (smth like rename "ou=users" to "ou=utilisateurs" with child entries). For subtree renames all the entries in the renamed subtree change their DNs so for each of these renamed entries we have to make the search "slapi_search_internal_set_pb(search_result_pb, search_base, LDAP_SCOPE_SUBTREE, filter, attrs..." with a different filter. So for each modrdn we should verify if the renamed entry has any child entries and if it is the case then treat them either directly or recursively... [Fix Description] The referential integrity plugin has not supported the subtree rename (modrdn with newsuperior). This patch is adding the support. There are 2 typical cases. (case 1) DN that modrdn modifies matches the value of attributes which is the target of the referential integrity. E.g., modrdn: uid=A,ou=B,o=C --> uid=AA,ou=BB,o=C then, member: uid=A,ou=B,ou=C --> uid=AA,ou=BB,ou=C seeAlso: uid=A,ou=B,ou=C --> uid=AA,ou=BB,ou=C (case 2) DN that modrdn modifies is the ancestor of the value of attributes which is the target of the referential integrity. E.g., modrdn: ou=B,o=C --> ou=BB,o=C then, member: uid=A,ou=B,ou=C --> uid=A,ou=BB,ou=C seeAlso: uid=A,ou=B,ou=C --> uid=A,ou=BB,ou=C [Proposed patch] --> (https://bugzilla.redhat.com/attachment.cgi?id=387204) git patch for ldap/servers/plugins/referint/referint.c -- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
