[Date Prev][Date Next]
Re: Invalid Add operations allowed (ITS#2243)
I've reworked the RDN checks so that they are consistently
applied to add, mod[r]dn, and modify operations. In the
later case, the check prevents modification of the attribute
of the entry in a manner inconsistent with the DN.
The checks are disabled by "schemacheck off"...
At 04:25 AM 2/6/2003, email@example.com wrote:
>>>> Could we make the non-BAILOUT behaviour (add RDN attributes
>>>> not specified in the entry) a configure- or run-time option?
>>>> Unfortunately we must deal with some clients, such as Active
>>>> Directory, that do not always include the RDN attribute in
>>>> the entry.
>>>Personally, I don't like it; however, it is currently
>>>a compile option: #undef BAILOUT in servers/slapd/add.c
>>>and you get the desired behavior. It can be easily turned
>> I have done that (#undef BAILOUT) for the moment. However we
>> would prefer to use an unmodified OpenLDAP tree where possible...
>I'm in favour of having both behaviors in the main tree, with
>a preference for the BAILOUT case
>>>into a config option, but I'd consider it confusing and
>>>misleading. Maybe it could be part of the "schemacheck off"
>> How about an undocumented option? :-)
>I'd prefer documented options. Since I understand
>there may be need for this "soft" case, and since this would
>harmonize with the behavior of existing implementations,
>I would not oppose a config option, with default to BAILOUT,