
Re: Schema violations not caught (ITS#398)



At 08:32 PM 12/14/99 GMT, dupuis@syntax.com wrote:
>Full_Name: Christopher DuPuis
>Version: 1.2.7 and 1.2.8
>OS: Solaris 2.6 (both x86 and Sparc)
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (206.129.189.38)
>
>
>It is possible to add badly formed entries using either ldif2ldbm

ldif2ldbm doesn't do any schema checks.  It's a bulk loader.

> or ldapadd,

ldapadd should do schema checks (if enabled).

>regardless of whether or not "schemacheck" is set to "on" or "off".
>
>In slapd.conf, I changed schemacheck to "on", changed the suffix to
>"dc=syntax, dc=com", and changed rootDN to "cn=manager, dc=syntax, dc=com".
>
>Then, I used ldif2ldbm to load the following LDIF into the directory:
>
>dn: dc=syntax, dc=com
>dc: syntax
>objectclass: top
>objectclass: domain
>
>dn: cn=blargfoo, dc=syntax, dc=com
>objectclass: bogusObjectClass
>cn: blargfoo
>qux: 12345
>
>The second entry should cause an error, since I am using only the default oc
>and at files. However, this succeeded. ldapsearch shows that both objects are
>in the directory. I can also add "cn=blargfoo, dc=syntax, dc=com", as above,
>to a running directory using ldapadd.

Retest with fresh database in which all entries are added using
ldapadd(1) (as outlined in the Quick Start Guide).

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>
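
Since ldif2ldbm is a bulk loader that performs no schema checks, an LDIF file can be checked before it is loaded. The following is an added example, not part of the original message and not OpenLDAP code; the SCHEMA table is a constructed subset rather than the shipped oc/at files, and the function names are hypothetical.

```python
# Constructed subset of a schema for illustration; NOT OpenLDAP's oc/at files.
SCHEMA = {
    "top": {"must": {"objectclass"}, "may": set()},
    "domain": {"must": {"dc"}, "may": {"description", "o", "l"}},
}
# The LDIF from the report above.
SAMPLE_LDIF = """\
dn: dc=syntax, dc=com
dc: syntax
objectclass: top
objectclass: domain

dn: cn=blargfoo, dc=syntax, dc=com
objectclass: bogusObjectClass
cn: blargfoo
qux: 12345
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; unfolds continuation lines, skips comments."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                name, _, value = line.partition(":")
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def check_entry(attrs, schema=SCHEMA):
    """Return schema violations for one entry (empty list means it passes)."""
    classes = [v.lower() for v in attrs.get("objectclass", [])]
    errors = [] if classes else ["no objectclass"]
    must, allowed = set(), {"objectclass"}
    for oc in classes:
        if oc not in schema:
            errors.append(f"unknown objectclass: {oc}")
            continue
        must |= schema[oc]["must"]
        allowed |= schema[oc]["must"] | schema[oc]["may"]
    errors += [f"missing required attribute: {a}" for a in sorted(must - set(attrs))]
    errors += [f"attribute not allowed: {a}" for a in sorted(set(attrs) - allowed)]
    return errors

def check_ldif(text):
    """Map each failing DN to its violations; an empty dict means none were found."""
    report = {dn: check_entry(attrs) for dn, attrs in parse_ldif(text)}
    return {dn: errs for dn, errs in report.items() if errs}
```

Calling check_ldif(SAMPLE_LDIF) flags only the cn=blargfoo entry; base64-encoded (`::`) values are not decoded by this sketch.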