Environment
Novell eDirectory 8.7.3.9 for All Platforms
Novell eDirectory 8.8 for All Platforms
Situation
This scenario has been tested on SLES 10 with eDir 8.7.3.9, 8.8.1 and 8.8.2:
- Create a user
- Create a group
- Add the user to the group
- Run an instance of LDAP event monitoring against any of the replicas holding the group. Be sure to "register" for the EVT_DELETE_VALUE event for the Group object class
- Remove the user from the group: the event monitoring instance will correctly report that the value 'user DN' was deleted from the group's 'member' attribute
- Add the user back to the group
- Delete the user: the event monitoring instance will incorrectly report that a value of '' (null) was deleted from the group's 'member' attribute
It appears that the event monitor is failing to report the user DN when a user is removed from a group by way of the user object being deleted, as opposed to just having the group membership removed.
Resolution
This has already been fixed in the latest eDirectory patches.
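An event consumer that audits group membership can tolerate the empty value described above by keeping a snapshot of each group's members and re-reading the group whenever a 'member' delete arrives without a DN. The following is an added example, not Novell code: the event dictionary shape, the `MembershipTracker` class and the `fetch_members` callback are assumptions, and the sample data is constructed.

```python
from typing import Callable, Dict, Iterable, List, Set


class MembershipTracker:
    """Resolves which member DNs a delete-value event removed from a group."""

    def __init__(self, fetch_members: Callable[[str], Iterable[str]]):
        # fetch_members(group_dn) is a hypothetical callback returning the
        # group's current 'member' values, read from the replica being monitored.
        self._fetch = fetch_members
        self._cache: Dict[str, Set[str]] = {}

    def prime(self, group_dn: str) -> None:
        # Snapshot membership before monitoring; lowercasing is a simplified
        # stand-in for real DN normalisation.
        self._cache[group_dn] = {m.lower() for m in self._fetch(group_dn)}

    def on_delete_value(self, event: dict) -> List[str]:
        """Return the member DNs removed by one EVT_DELETE_VALUE event."""
        if event.get("attribute", "").lower() != "member":
            return []
        group = event["entry"]
        known = self._cache.setdefault(group, set())
        value = (event.get("value") or "").strip().lower()
        if value:
            known.discard(value)  # normal case: the event names the user DN
            return [value]
        # Empty value (the behaviour described above): re-read the group and
        # diff it against the snapshot to recover the removed DN(s).
        current = {m.lower() for m in self._fetch(group)}
        removed = sorted(known - current)
        self._cache[group] = current
        return removed


def demo() -> List[List[str]]:
    # Constructed directory state and events, not captured from a server.
    group = "cn=staff,o=acme"
    directory = {group: {"cn=alice,o=acme", "cn=bob,o=acme"}}
    tracker = MembershipTracker(lambda g: directory[g])
    tracker.prime(group)
    directory[group].discard("cn=alice,o=acme")  # membership removed directly
    first = tracker.on_delete_value(
        {"entry": group, "attribute": "member", "value": "cn=alice,o=acme"})
    directory[group].discard("cn=bob,o=acme")  # user object deleted
    second = tracker.on_delete_value(
        {"entry": group, "attribute": "member", "value": ""})
    return [first, second]
```

A group that was never primed yields an empty result for an empty-value event, so snapshot every monitored group before registering for events.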