File 0004-openldap-its9747.patch of Package openldap2
From bc659074ee5345e287ed8d872d9e128664172d60 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 11 Nov 2021 23:17:05 +0000
Subject: ITS#9747 dynlist: fix Compare for static groups
Fall back to the static check if static groups are configured and
the dynamic group check returns false.
diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c
index 9b63d459e..edfbf7c7c 100644
--- a/servers/slapd/overlays/dynlist.c
+++ b/servers/slapd/overlays/dynlist.c
@@ -887,6 +887,13 @@ dynlist_compare( Operation *op, SlapReply *rs )
* the assertion is FALSE rather than
* UNDEFINED */
rs->sr_err = LDAP_COMPARE_FALSE;
+
+ /* If also using static groups, fallback to
+ * vanilla compare
+ */
+ if ( dlm->dlm_static_oc )
+ return SLAP_CB_CONTINUE;
+
break;
}
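Review bot: The early `return SLAP_CB_CONTINUE;` in the `LDAP_NO_SUCH_OBJECT` case leaves the function from inside the switch, after `rs->sr_err` has already been set to `LDAP_COMPARE_FALSE`. dynlist_compare starts and ends outside this hunk, so it is not visible whether anything allocated before the switch is released after it; if so, this path skips that release, and setting a flag, using `break`, and returning `SLAP_CB_CONTINUE` after the cleanup would be safer. Because the result of a member Compare is often used for access decisions, the stale result should not travel with the hand-off either: consider `if ( dlm->dlm_static_oc ) { rs->sr_err = LDAP_SUCCESS; return SLAP_CB_CONTINUE; }`, or add a comment stating that the backend's compare always overwrites `rs->sr_err`.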
diff --git a/tests/data/dynlist.out b/tests/data/dynlist.out
index a5374c366..45dc1ff73 100644
--- a/tests/data/dynlist.out
+++ b/tests/data/dynlist.out
@@ -386,6 +386,10 @@ memberOf: cn=all staff,ou=groups,dc=example,dc=com
memberOf: cn=alumni assoc staff,ou=groups,dc=example,dc=com
memberOf: cn=dynamic list of members,ou=dynamic lists,dc=example,dc=com
+TRUE
+
+FALSE
+
# Testing nested dynamic group functionality...
dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com
objectClass: groupOfURLs
diff --git a/tests/scripts/test044-dynlist b/tests/scripts/test044-dynlist
index 689bb61d7..71b127160 100755
--- a/tests/scripts/test044-dynlist
+++ b/tests/scripts/test044-dynlist
@@ -808,6 +808,60 @@ if test $RC != 0 ; then
exit $RC
fi
+echo "Testing static group member compare..."
+echo "# Testing static group member compare..." >> $SEARCHOUT
+$LDAPCOMPARE -H $URI1 \
+ "cn=all staff,ou=groups,$BASEDN" "member:cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN" >> $SEARCHOUT
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)"
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Testing static group non-member compare (should return FALSE)..."
+echo "# Testing static group non-member compare (should return FALSE)..." >> $SEARCHOUT
+$LDAPCOMPARE -H $URI1 \
+ "cn=all staff,ou=groups,$BASEDN" "member:cn=Not A User,ou=Alumni Association,ou=People,$BASEDN" >> $SEARCHOUT
+RC=$?
+case $RC in
+5)
+ echo "ldapcompare returned FALSE ($RC)"
+ ;;
+6)
+ echo "ldapcompare returned TRUE ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+0)
+ echo "ldapcompare returned success ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ ;;
+*)
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+echo "" >> $SEARCHOUT
+
echo "Reconfiguring slapd..."
$LDAPMODIFY -x -D cn=config -H $URI1 -y $CONFIGPWF > \
$TESTOUT 2>&1 << EOMODS
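Review bot: The negative case only asserts a DN that does not appear to exist (`cn=Not A User,...`), so it does not show that an existing entry outside `cn=all staff` also compares FALSE once the overlay hands the Compare to the backend. A third `$LDAPCOMPARE` block using a real person entry that is not a member would cover that, which matters because a wrong TRUE on a group Compare can turn into granted access. The two `case $RC in` blocks differ only in which of 5 and 6 is fatal, so a comment such as `# ldapcompare exits 6 for TRUE, 5 for FALSE` above the first one would help readers. The trailing context of this hunk runs into a here-document that continues outside it.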