[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5758) NO-OP control criticality

To: openldap-its@OpenLDAP.org
Subject: (ITS#5758) NO-OP control criticality
From: ando@sys-net.it
Date: Mon, 20 Oct 2008 21:01:02 GMT

Full_Name: Pierangelo Masarati
Version: HEAD/re24/re23
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


The latest draft I can find (14 February 2007) states that

                                               Clients MUST provide a
  criticality value of TRUE to prevent unintended modification of the
  directory.

As a consequence, I think the server could reject instances of this control with
a criticality of FALSE, to prevent its unintended use.  However, OpenLDAP's
slapd currently tolerates a criticality of FALSE, and OpenLDAP clients allow
users to use this control with a criticality of FALSE.  I think the clients need
to be fixed, and the server should prevent this improper use.  Also, the server
should check whether the control is used with operations not indicated in the
draft (i.e. non-write ops).

p.

Prev by Date: Re: (ITS#5625) memberOf search ACLs
Next by Date: Re: (ITS#5758) NO-OP control criticality
Index(es):
- Chronological
- Thread