[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Invalid Add operations allowed (ITS#2243)

To: openldap-its@OpenLDAP.org
Subject: Re: Invalid Add operations allowed (ITS#2243)
From: Kurt@OpenLDAP.org
Date: Thu, 30 Jan 2003 21:59:44 GMT

At 12:21 PM 1/30/2003, ando@sys-net.it wrote:

>> At 11:10 PM 1/29/2003, ntb@mts.ru wrote:
>>>example from original message:
>>>
>>>---
>>>dn: cn=mycountry,dc=mycompany,dc=com
>>>objectclass: country
>>>c: mycountry
>>>---
>>
>> As I noted to Ando, the above entry is invalid.  An attempt
>> to add such should result in an error such as noSuchAttribute.
>
>... which is now the current behavior of slapd.
>The only allowed cases, pending review, are:
>
>dn: ou=Guests,dc=my,dc=org
>objectClass: alias
>aliasedObjectName: ou=People,dy=my,dc=org

Invalid.  Should have:
        ou: Guests

as well as an additional objectClass (or DIT Content Rule) which
allows ou to be present in the alias.

>and
>
>dn: ou=Guests,dc=my,dc=org
>objectClass: referral
>ref: ldap://ldap.your.org/ou=People,dc=my,dc=org

Invalid.  Should have:
        ou: Guests

as well as an additional objectClass (or DIT Content Rule) which
allows ou to be present in the referral.

>which eventually (as exemplified in RFC3296) should be turned into

No.  The client is responsible for providing a proper
entry.  The server is responsible for ensuring that no
improper entry is added.  The server should NOT turn
an improper entry into a proper entry.

>and thus also comply with RFC2251.
>
>I've added a /* FIXME */ in this sense in servers/slapd/add.c

The fix is to remove the /* FIXME */ stuff.  There are no
special alias/referral cases here.

Kurt

Prev by Date: Re: Invalid Add operations allowed (ITS#2243)
Next by Date: Re: Invalid Add operations allowed (ITS#2243)
Index(es):
- Chronological
- Thread