
slapd exits on processing malformed saslAuthzTo attribute (ITS#3077)



Full_Name: Michael Glasson
Version: 2.2.7
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (165.12.252.12)


slapd exits when processing a saslAuthzTo attribute which is not formatted
correctly.

A saslAuthzTo like "uid=mg,ou=person,dc=mynym,dc=net" is processed as you would
expect, allowing the authentication id to authorize as the target entry.

A saslAuthzTo like "dn.regex:uid=.*,ou=person,dc=mynym,dc=net" is also processed
as you would expect, allowing the authentication id to authorize as an entry in
the target subtree.

A saslAuthzTo like "dn.subtree:ou=person,dc=mynym,dc=net" causes slapd to exit
immediately.

I understand that saslAuthzTo entries of forms other than "dn.regex:..." may not
be supported, but I do not imagine that slapd should die when it processes an
unsupported saslAuthzTo.
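
An added example, not part of the original report and not OpenLDAP code: a small audit that scans an LDIF export for saslAuthzTo values outside the two forms the report confirms as working on 2.2.7 (a bare DN and "dn.regex:..."), so they can be reviewed before slapd processes them. The function names and the sample LDIF are constructed for illustration; anything else, including other valid rule styles, is reported only as "unverified".

```python
import base64

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def classify(value):
    """Map a saslAuthzTo value to 'dn', 'dn.regex' or 'unverified'."""
    if value.lower().startswith("dn.regex:"):
        return "dn.regex"
    head, sep, _ = value.partition("=")
    # A bare DN begins attr=value; a style prefix or URL puts ':' before the first '='.
    return "dn" if sep and head and ":" not in head else "unverified"

def audit(ldif_text):
    """Return [(entry_dn, value)] for saslAuthzTo values outside the two confirmed forms."""
    findings, entry_dn = [], None
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):  # "attr:: <base64>" carries an encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            entry_dn = value
        elif attr.lower() == "saslauthzto" and classify(value) == "unverified":
            findings.append((entry_dn, value))
    return findings

# Constructed sample LDIF (not from the report); it reuses the report's naming context.
B64 = base64.b64encode(b"dn.subtree:ou=people,dc=mynym,dc=net").decode()
SAMPLE = f"""dn: uid=a,ou=person,dc=mynym,dc=net
saslAuthzTo: uid=mg,ou=person,dc=mynym,dc=net
saslAuthzTo: dn.regex:uid=.*,ou=person,dc=mynym,dc=net

dn: uid=b,ou=person,dc=mynym,dc=net
saslAuthzTo: dn.subtree:ou=person,
 dc=mynym,dc=net
saslAuthzTo:: {B64}
"""
```

Calling audit(SAMPLE) returns the two values on the second entry, including the folded and the base64-encoded one, which a plain text search for "dn.subtree" would miss.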