Ticket 47315 - filter option in fixup-memberof requires more clarification

Bug Description:  The usgae/documentaton states that if you don't supply a filter,
                  then "all" the entries will be checked.  Actually only users that
                  have "objectclass: inetuser" are checked.

Fix Description:  Added another objectclass to the default query, inetadmin.
                  inetuser & inetadmin are the only standard objectclasses that have
                  memberOf in thier definitions.  Also updated the man page, and the
                  script usage to state what the internal query/filter is.

https://fedorahosted.org/389/ticket/47315

Reviewed by: richm(Thanks!)

ldap/admin/src/scripts/fixup-memberof.pl.in

@@ -61,8 +61,8 @@ sub usage {
     print(STDERR "        -j filename  - Read Directory Manager's password from file\n");
     print(STDERR "        -b baseDN    - Base DN that contains entries to fix up.\n");
     print(STDERR "        -f filter    - Filter for entries to fix up\n");
-    print(STDERR "                       If omitted, all entries under the specified\n");
-    print(STDERR "                       base will have their memberOf attribute regenerated.\n");
+    print(STDERR "                       If omitted, all entries with objectclass inetuser/inetadmin under the\n");
+    print(STDERR "                       specified base will have their memberOf attribute regenerated.\n");
     print(STDERR "        -P protocol  - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n");
     print(STDERR "        -v           - Verbose output\n");
     print(STDERR "        -h           - Display usage\n");

ldap/servers/plugins/memberof/memberof.c

@@ -2393,7 +2393,7 @@ int memberof_task_add(Slapi_PBlock *pb, Slapi_Entry *e,
 		goto out;
 	}
 
-	if ((filter = fetch_attr(e, "filter", "(objectclass=inetuser)")) == NULL)
+	if ((filter = fetch_attr(e, "filter", "(|(objectclass=inetuser)(objectclass=inetadmin))")) == NULL)
 	{
 		*returncode = LDAP_OBJECT_CLASS_VIOLATION;
 		rv = SLAPI_DSE_CALLBACK_ERROR;

man/man8/fixup-memberof.pl.8

@@ -46,7 +46,8 @@ The name of the file that contains the root DN password.
 The DN of the subtree containing the entries to update. 
 .TP
 .B \fB\-f\fR \fIfilter\fR
-An LDAP query filter to use to select the entries within the subtree to update. If there is no filter set, then the memberOf attribute is regenerated for every entry in the subtree. 
+An LDAP query filter to use to select the entries within the subtree to update. If there is no filter set, then
+the memberOf attribute is regenerated for every entry in the subtree that has the objectclass inetuser/inetadmin. 
 .TP
 .B \fB\-P\fR \fIprotocol\fR
 The connection protocol to connect to the Directory Server.  Protocols are STARTTLS, LDAPS, LDAPI, and LDAP.