[Date Prev][Date Next]
Invalid Add operations allowed (ITS#2243)
Full_Name: Ganesan R
OS: Debian GNU/Linux 3.0
Submission from: (NULL) (188.8.131.52)
All versions of openldap allow the creation of a dn with a cn attribute even if
the objectclass doesn't include a cn. For example, I can add the following
object without an error.
In case of a locality, which does not even locality as a MUST attribute,
the following ldif can be added successfully.
This bug exists for any objectclass that doesn't have cn as a must attribute.
You can also add a locality without specifying 'l' in the list of attributes,
since l is not a MUST attribute. I don't know if LDAP allows creation of
an object with no attribute being present for the RDN.