[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: hdb -- moving olc* objects -- expected behavior?
> On Sat, Aug 26, 2006 at 05:04:13PM +0200, Pierangelo Masarati wrote:
>> >if the behavior is expected, is there any way to detect
>> >from the schema returned by the ldapserver that the attribute/object
>> >has a different behavior?
>> The reason is quite simple, although subtle: olcModuleLoad has X-ORDERED
>> 'VALUES' schema extension, an OpenLDAP reserved extension that is used
>> for internal purposes.
> is it possible to detect this by looking at the schema returned
> by the ldap server? or do I have to add something like 'for openldap,
> avoid those attributes'... ?
Look for "X-ORDERED 'VALUES'" in the attributeType definition in the
"cn=subschema"
>> The real point is that olc* stuff shouldn't be used for any purpose
>> other than built-in configuration via back-config.
> What if someone wants to build a directory listing all the configurations
> of its own thousand servers, or its own thousands 'standard setups'?
... don't use ordered values in the RDN.
>> I note that attributes with X-ORDERED 'VALUES' extension should not
>> be allowed in RDN; another option would be to remove the ordering
>> portion when checking for DN /entry consistency, but I'd regard
>> this as a flawed entry naming design rather than a feature.
> I'll change the code, but IMHO it looks already quite flawed to
> have attributes that look exactly like other attributes, but
> behave differently in such a subtle way...
I've added (to HEAD) a check that disallows X-ORDERED 'VALUES' attributes
as naming attributes. This will prevent their erroneous use, and avoid
further issues.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------