[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ITS#6439

To: openldap-its@OpenLDAP.org
Subject: Re: ITS#6439
From: h.b.furuseth@usit.uio.no
Date: Tue, 5 Jan 2010 20:56:32 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

j@telepaths.org writes:
> For compatibility reasons, It may well be in OpenLDAP's best interest to
> provide options such as the ones I described previously, for "broken" or
> "substandard" clients such as the ones I am using.

If someone (you?) cares enough, they can write an overlay to
the OpenLDAP slapd frontend which intercepts searches with
(baseObject="", scope=wholeSubtree) and changes the scope of
the operation to baseObject.  That shouldn't be much code.

A server using this overlay must not have a database with suffix "",
since this would break subtree searches in that database.

> I will point out that Solaris 11 doesn't exhibit these issues ---- But
> my company wants to use Solaris 10, which leaves me in the middle of a
> finger pointing party between OPENLDAP and SUN.  So you can understand
> why I might be asking for something as strange as this ....
> 
> SUN says OpenLDAP's standard/methods are questionable & strange. 
> OpenLDAP says Sun's client is broken and that we should hack it.   I say
> screw Solaris 10.

Are they saying it somewhere public?  I'm sure there are some OpenLDAP
things they disagree with (I do too), but on this, RFC 4512 section 5.1
is quite clear, not to say loud:

   "The root DSE SHALL NOT be included if the client performs a subtree
   search starting from the root."

(Onelevel search is not relevant in this context since it wouldn't
return the baseobject anyway.)

-- 
Hallvard

Prev by Date: Re: ITS#6439
Next by Date: Re: ITS#6439
Index(es):
- Chronological
- Thread