
Re: (ITS#6823) unknown attrs in pcache attrsets may be useful



> masarati@aero.polimi.it wrote:
>> Full_Name: Pierangelo Masarati
>> Version: HEAD/re24
>> OS: irrelevant
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (2.40.14.92)
>> Submitted by: ando
>>
>>
>> Currently attributes in pcache attrsets must be defined.  As far as I
>> recall this was introduced to catch misconfigurations (e.g. a typo
>> would have silently resulted in erroneous caching).  However, one may
>> wish to cache attrs whose schema is not known.  I've modified pcache to
>> allow undef:attrname in attrsets, so the administrator needs to know
>> what he's doing.  The "undef:" is stripped during parsing, but slapd
>> will not complain and the administrator.
>
> I think this is a mistake. Anything slapd handles must have a defined
> schema. Probably the recent patches for back-ldap to support undefined
> filters are also a mistake. We have already documented that schema must
> be provided in order to get proper functioning of e.g. back-ldap. There
> is no reason to relax this requirement since one can always obtain the
> relevant schema from the target server.

I understand your point and I fully agree with it.  However, we have been
swaying between these two extremes many times, and there's always some
good reason to need strictness as well as (some) relaxation.

I think this ITS' solution approach represents a reasonable trade-off: we
require schema to be defined, but we accept that it's not provided the
admin knows what he's doing.  I'm prepared to back this feature out as
soon as it creates harm.

p.