[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5312) ldapmodify(1) man page claims that "changetype:" not necessary

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5312) ldapmodify(1) man page claims that "changetype:" not necessary
From: h.b.furuseth@usit.uio.no
Date: Wed, 9 Jan 2008 14:08:08 GMT

Howard Chu writes:
> Hm... Where were you when we were originally discussing these changes?
> http://www.openldap.org/lists/openldap-devel/200611/msg00013.html
> http://www.openldap.org/lists/openldap-devel/200611/msg00022.html

Absent.  I did look at it though, but I didn't realize how far the
changes went.  See below.

> HEAD has been working this way for over a year, and it's clearly more
> correct in its behavior now than it was before.

True, the old way was quite broken as that thread shows.

>> If anything, the LDIF RFC could be revised instead.  This format has
>> been supported since umich ldap (before the LDIF RFC was written).
>
> That doesn't mean it has any relevance today; there's plenty of stuff
> UMich did that was long since deprecated.

True, but this was not deprecated that I know of.  So:

> It may be OK to revert this single aspect of the change. If you do so,
> just make sure that those other corner cases mentioned in the -devel
> thread are still handled correctly.

Changing the -devel thread's example a bit, I'd say 2.3 accepted one
dangerous bug, one unambigious but possibly misleading format (a modify
record both with and witout "add/delete/replace: attribute" lines), and
one safe format (changetype: modify but no add/delete/replace"):

dn: dc=example,dc=com
changetype: modify
add: cn
cn: foo
# bug: implicit "add: sn".  Since the "-" was optional, one might even
# expect the new attribute type to revert to the default "replace:".
sn: bar
-
# Safe after the "-" but possibly confusing - implicit "replace:
# description" and "replace: telephoneNumber"
description: xyzzy
telephoneNumber: 12345678

# OK: implicit "replace:" for everything
dn: dc=example,dc=com
changetype: modify
cn: foo
sn: bar
description: xyzzy
telephoneNumber: 12345678

Snipping a bit from the -devel thread:

Howard Chu wrote:
> (Did I mention that I've always thought the mod-spec definition was
> garbage? The format I use for the logschema has none of these problems
> or inefficiences...)

As far as I can tell Logschema doesn't support full LDIF modify though.
reqMod is unordered, so one cannot make two modifications to the same
attribute.  E.g. "delete: foo" followed by "replace: foo".

OTOH it would be an LDIF-compatible extension to make the attribute
description in "attribute: value" optional after "add/replace/delete:
attribute".  Then one could omit the terminating "-" too.

Maybe it's time to take this to the ldapext list and hear what others
do.

-- 
Hallvard

Prev by Date: Re: (ITS#5312) ldapmodify(1) man page claims that "changetype:" not necessary
Next by Date: Re: (ITS#5312) ldapmodify(1) man page claims that "changetype:" not necessary
Index(es):
- Chronological
- Thread