From 6f5f5e77ef25e4d4951b1cf16a7300ff19ea16b8 Mon Sep 17 00:00:00 2001
From: Valery Kharseko <vharseko@3a-systems.ru>
Date: Mon, 30 Mar 2026 07:52:36 +0000
Subject: [PATCH] Apply suggestions from code review
---
opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java | 31 +++++++++++++++++++++++++++++++
opendj-server-legacy/src/main/java/org/opends/server/plugins/ReferentialIntegrityPlugin.java | 21 +++++++++++++++++++++
2 files changed, 52 insertions(+), 0 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/plugins/ReferentialIntegrityPlugin.java b/opendj-server-legacy/src/main/java/org/opends/server/plugins/ReferentialIntegrityPlugin.java
index 7fe3553..53852eb 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/plugins/ReferentialIntegrityPlugin.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/plugins/ReferentialIntegrityPlugin.java
@@ -1015,6 +1015,27 @@
Attribute modifiedAttribute = mod.getAttribute();
if (modifiedAttribute != null && !modifiedAttribute.isEmpty())
{
+ // Only enforce referential integrity on attributes that this plugin is configured to manage.
+ final AttributeType modifiedAttrType = modifiedAttribute.getAttributeType();
+ boolean isManagedAttributeType = false;
+ if (modifiedAttrType != null && attributeTypes != null)
+ {
+ for (AttributeType configuredType : attributeTypes)
+ {
+ if (modifiedAttrType.equals(configuredType)
+ || modifiedAttrType.isSubTypeOf(configuredType))
+ {
+ isManagedAttributeType = true;
+ break;
+ }
+ }
+ }
+
+ if (!isManagedAttributeType)
+ {
+ // Skip integrity checks for attributes not configured for this plugin.
+ continue;
+ }
PluginResult.PreOperation result =
isIntegrityMaintained(modifiedAttribute, entryDN, entryBaseDN);
if (result.getResultCode() != ResultCode.SUCCESS)
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java b/opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java
index 671ec9e..95d3235 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java
@@ -1853,4 +1853,35 @@
"uniquemember", "uid=user.100,ou=people,ou=dept,dc=example,dc=com");
assertEquals(modOperation.getResultCode(), ResultCode.CONSTRAINT_VIOLATION);
}
+
+ @Test
+ public void testEnforceIntegrityModifyGroupAddMissingUniqueMemberWithPriorDelete() throws Exception
+ {
+ // Configure the plugin in the same way as for the single-ADD test.
+ replaceAttrEntry(configDN, "ds-cfg-enabled", "false");
+ replaceAttrEntry(configDN, dsConfigPluginType,
+ "postoperationdelete",
+ "postoperationmodifydn",
+ "subordinatemodifydn",
+ "subordinatedelete",
+ "preoperationadd",
+ "preoperationmodify");
+ addAttrEntry(configDN, dsConfigBaseDN, "dc=example,dc=com");
+ replaceAttrEntry(configDN, dsConfigEnforceIntegrity, "true");
+ replaceAttrEntry(configDN, dsConfigAttrType, "uniquemember");
+ addAttrEntry(configDN, dsConfigAttrFiltMapping,
+ "uniquemember:(objectclass=person)");
+ replaceAttrEntry(configDN, "ds-cfg-enabled", "true");
+
+ // Build a modify request with a non-ADD/REPLACE modification first,
+ // followed by an ADD of a uniquemember referencing a missing DN.
+ final ModifyRequest modifyRequest = newModifyRequest(DN.valueOf(ugroup));
+ modifyRequest.addModification(DELETE, "description");
+ modifyRequest.addModification(ADD, "uniquemember",
+ "uid=user.100,ou=people,ou=dept,dc=example,dc=com");
+
+ final InternalClientConnection connection = getRootConnection();
+ final ModifyOperation multiModOperation = connection.processModify(modifyRequest);
+ assertEquals(multiModOperation.getResultCode(), ResultCode.CONSTRAINT_VIOLATION);
+ }
}
--
Gitblit v1.10.0