Logged in as guest
Viewing Incoming/7446 Full headers
Major security issue: yes no
Notes: Notification:
Date: Mon, 19 Nov 2012 21:24:43 +0000 From: michael@stroeder.com To: openldap-its@OpenLDAP.org Subject: slapadd OBSOLETE object class fails
Full_Name: Michael Str.der Version: HEAD OS: URL: Submission from: (NULL) (79.227.170.198) Importing an LDIF file with slapadd which contains entries with an object class marked as OBSOLETE in the schema fails. Importing entries with OBSOLETE attribute types seems to work just fine. If object classes are marked as OBSOLETE it's clear that it should be impossible to add new entries via LDAP based on such an object class. But it should still be possible to restore old entries from backup.
Date: Mon, 19 Nov 2012 22:48:29 +0100 Subject: Re: (ITS#7446) slapadd OBSOLETE object class fails From: "Pierangelo Masarati" <masarati@aero.polimi.it> To: michael@stroeder.com Cc: openldap-its@openldap.org
> Full_Name: Michael Str.der > Version: HEAD > OS: > URL: > Submission from: (NULL) (79.227.170.198) > > > Importing an LDIF file with slapadd which contains entries with an object > class > marked as OBSOLETE in the schema fails. > > Importing entries with OBSOLETE attribute types seems to work just fine. > > If object classes are marked as OBSOLETE it's clear that it should be > impossible > to add new entries via LDAP based on such an object class. But it should > still > be possible to restore old entries from backup. Currently, slap_tool_entry_check() sets "manage" to 0 when calling entry_schema_check(); setting it to !0 would allow loading of OBSOLETE objectClasses. Maybe "manage" should be passed to slap_tool_entry_check(), and write tools (slapadd, slapmodify) could have an explicit '-o manage' option to enable handling of these cases. p. -- Pierangelo Masarati Associate Professor Dipartimento di Ingegneria Aerospaziale Politecnico di Milano
Date: Mon, 19 Nov 2012 23:12:16 +0100 From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> To: masarati@aero.polimi.it CC: openldap-its@openldap.org Subject: Re: (ITS#7446) slapadd OBSOLETE object class fails
masarati@aero.polimi.it wrote: > Maybe "manage" should be passed to > slap_tool_entry_check(), and write tools (slapadd, slapmodify) could have > an explicit '-o manage' option to enable handling of these cases. I'd regard slapadd to be in kind of a manage mode by default. E.g. it does not check constraints. And as said OBSOLETE attribute types are already accepted. Ciao, Michael.
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org
