[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [Models] An attribute value should be equal to self
Steven Legg <steven.legg@eb2bcom.com>
> I will have to review that discussion yet again soon...
>
> It was a short thread:
> http://www.openldap.org/lists/ietf-ldapbis/200411/msg00190.html
Ah, thanks.
Kurt D. Zeilenga writes:
>At 05:20 PM 3/7/2005, Steven Legg wrote:
>> I dislike it too. I would prefer that LDAPprep removes troublesome
>> characters instead of failing.
I'm not sure that is right; it might be better to translate them to some
otherwise unused character or leave them alone or something. Or let
EQUALITY match use a fallback which does not do LDAPprep if LDAPprep
fails, like Rici suggested.
> It is not clear to me that X.500 requires for every equality
> matching rule R and every value X of the applicable attribute
> value syntax that:
> R( X, X ) == TRUE
>
> In absence of a guarantee that R( X, X) is always TRUE,
> the [Models] statement in necessary.
Necessary for what?
In view of the above thread, security is the only remaining argument
I remember which I buy for letting LDAPprep fail AND letting mess up
everything else, and that's because I do not know Unicode nearly well
enough to judge the security issues.
--
Hallvard