[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schema definition precedence

To: Dave Horsfall <daveh@ci.com.au>
Subject: Re: schema definition precedence
From: Frank Swasey <Frank.Swasey@uvm.edu>
Date: Tue, 24 Jun 2003 07:03:49 -0400 (EDT)
Cc: OpenLDAP Software List <openldap-software@OpenLDAP.org>
In-reply-to: <20030624145754.G88024@mippet.ci.com.au>
References: <20030624040807.GC1587@athomson.prv.au.itouchnet.net> <20030624145754.G88024@mippet.ci.com.au>

Today at 3:00pm, Dave Horsfall wrote:

> Never, ever, change a standard definition.

As a general rule that's nice.  As a practical matter there are gastly 
mistakes (such as facsimileTelephoneNumber, which doesn't provide ANY 
search capability) which require correction to be usable.

Another example is uid, which is a security hole the size of Texas -- 
allowing substring matches so spammers can grab all your addresses!  If 
you want to use uid (and not have to redefine [like I am about to] every 
objectClass that uses uid), you HAVE to modify it to remove substring 
searches or you become a spam magnet.

Just my two cents (it's worth exactly what you paid for it)

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===

Follow-Ups:
- Re: schema definition precedence
  - From: Michael Ströder <michael@stroeder.com>

References:
- schema definition precedence
  - From: Andrew Thomson <ajthomson@optushome.com.au>
- Re: schema definition precedence
  - From: Dave Horsfall <daveh@ci.com.au>

Prev by Date: Re: schema definition precedence
Next by Date: ldap authentication for redhat
Index(es):
- Chronological
- Thread