From 71f373ee60a856c7817d769b64319b645b7729a2 Mon Sep 17 00:00:00 2001
Message-Id: <71f373ee60a856c7817d769b64319b645b7729a2.1589277295.git.hahn@univention.de>
From: Philipp Hahn
Date: Tue, 12 May 2020 11:46:10 +0200
Subject: [PATCH v2] Bug #46590 replication.py: Replicate memberOf
Organization: Univention GmbH, Bremen, Germany
unless slapd overlay module is disabled. LDAP attribute names are case-insensitive, so use a normalized set().
---
 .../replication.py | 29 +++++++++----------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/management/univention-directory-replication/replication.py b/management/univention-directory-replication/replication.py
index 97d69e7a80..dfa1660e32 100644
--- a/management/univention-directory-replication/replication.py
+++ b/management/univention-directory-replication/replication.py
@@ -73,20 +73,19 @@ LDIF_FILE = os.path.join(STATE_DIR, 'failed.ldif')
 ROOTPW_FILE = '/etc/ldap/rootpw.conf'
 CURRENT_MODRDN = os.path.join(STATE_DIR, 'current_modrdn')
-EXCLUDE_ATTRIBUTES = [
+EXCLUDE_ATTRIBUTES = set(attr.lower() for attr in {
 'subschemaSubentry',
 'hasSubordinates',
 'entryDN',
- 'memberOf', 'MEMBEROF',
- 'authTimestamp', 'AUTHTIMESTAMP',
- 'pwdChangedTime', 'PWDCHANGEDTIME',
- 'pwdAccountLockedTime', 'PWDACCOUNTLOCKEDTIME',
- 'pwdFailureTime', 'PWDFAILURETIME',
- 'pwdHistory', 'PWDHISTORY',
- 'pwdGraceUseTime', 'PWDGRACEUSETIME',
- 'pwdReset', 'PWDRESET',
- 'pwdPolicySubentry', 'PWDPOLICYSUBENTRY',
-]
+ 'authTimestamp',
+ 'pwdChangedTime',
+ 'pwdAccountLockedTime',
+ 'pwdFailureTime',
+ 'pwdHistory',
+ 'pwdGraceUseTime',
+ 'pwdReset',
+ 'pwdPolicySubentry',
+} | (set() if listener.baseConfig.is_true("ldap/overlay/memberof") else {'memberOf',}))
 # don't use built-in OIDs from slapd
 BUILTIN_OIDS = [
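Review bot: The `memberOf` exclusion in `EXCLUDE_ATTRIBUTES` is decided once, when the module is loaded, from `listener.baseConfig.is_true("ldap/overlay/memberof")`, and nothing next to the definition says so. A later change of that variable would presumably not take effect until the listener module is reloaded, and if `is_true` treats an unset variable as false, an unset `ldap/overlay/memberof` keeps `memberOf` excluded; please confirm that this is the intended default. I would add a comment above the assignment such as `# memberOf is excluded only while ldap/overlay/memberof is not true; evaluated once at import time`. As a matter of style, the conditional set buried in the generator's iterable is hard to scan; building the base set first and then `if not listener.baseConfig.is_true("ldap/overlay/memberof"): EXCLUDE_ATTRIBUTES.add('memberof')` reads more directly.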
@@ -566,13 +565,13 @@ def connect(ldif=0):
 def addlist(new):
- return [kv for kv in new.items() if kv[0] not in EXCLUDE_ATTRIBUTES]
+ return [kv for kv in new.items() if kv[0].lower() not in EXCLUDE_ATTRIBUTES]
 def modlist(old, new):
 ml = []
 for key, values in new.items():
- if key in EXCLUDE_ATTRIBUTES:
+ if key.lower() in EXCLUDE_ATTRIBUTES:
 continue
 if key not in old:
@@ -597,7 +596,7 @@ def modlist(old, new):
 ml.append((ldap.MOD_REPLACE, key, values))
 for key in old:
- if key in EXCLUDE_ATTRIBUTES:
+ if key.lower() in EXCLUDE_ATTRIBUTES:
 continue
 if key not in new:
 ml.append((ldap.MOD_DELETE, key, []))
@@ -836,7 +835,7 @@ def handler(dn, new, listener_old, operation):
 match = 0
 else:
 for k in old:
- if k in EXCLUDE_ATTRIBUTES:
+ if k.lower() in EXCLUDE_ATTRIBUTES:
 continue
 if k not in listener_old:
 ud.debug(ud.LISTENER, ud.INFO, 'replication: listener does not have key %s' % (k,))
--
2.20.1
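Review bot: Only the exclusion test is case-normalized; the membership tests that follow it, `if key not in old:` in this hunk, `if key not in new:` in the `-597` hunk and `if k not in listener_old:` in the `-836` hunk, still compare attribute names case-sensitively. If the two dictionaries can spell the same attribute differently (for example `memberOf` versus `memberof`), `modlist` would emit an add for one spelling and a `MOD_DELETE` for the other, although the directory treats both as the same attribute; whether that can happen depends on the callers, which are outside the diff. Comparing on normalized names, e.g. `old_lower = {k.lower() for k in old}` and `if key.lower() not in old_lower:`, would apply the commit's own reasoning consistently. The bodies of `modlist` and `handler` continue outside the hunks, so any value lookups that follow would need the same mapping.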