https://fedorahosted.org/389/ticket/47310

https://fedorahosted.org/389/attachment/ticket/47310/0001-Ticket-47310-Attribute-dsOnlyMemberUid-not-allowed-w.patch

Bug description: When the Posix Winsync API plug-in is configured with posixWinsyncMapMemberUid and posixWinsyncMapNestedGrouping enabled (true), a Posix Group added to AD is synchronized to DS with mapped dsOnlyMemberUid and memberUid. When adding a Posix Group with a nested group member, the addGroupMembership function adds "dynamicGroup" to objectClass to allow the Posix Group entry to have dsOnlyMemberUid. The add should be made against the entry in memory since the entry is not yet stored in the database, but it was trying to modify against the backend.

Fix description: This patch directly adds "dynamicGroup" to the objectclass valueset, by which the attribute "dsOnlyMemberUid" is allowed to be added to the entry. In addition,
1) when reflecting the mapped memberUid on DS to AD, the logic was corrected to "if dsOnlyMemberUid matches memberUid",
2) when the Posix Group is nested in multiple levels, the mapped memberUid was not retrieved. The code was added.

--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel