[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Invalid Add operations allowed (ITS#2243)

I've reworked the RDN checks so that they are consistently
applied to add, mod[r]dn, and modify operations.  In the
later case, the check prevents modification of the attribute
of the entry in a manner inconsistent with the DN.

The checks are disabled by "schemacheck off"...

At 04:25 AM 2/6/2003, ando@sys-net.it wrote:
>>>> Could we make the non-BAILOUT behaviour (add RDN attributes
>>>> not specified in the entry) a configure- or run-time option?
>>>> Unfortunately we must deal with some clients, such as Active
>>>> Directory, that do not always include the RDN attribute in
>>>> the entry.
>>>Personally, I don't like it; however, it is currently
>>>a compile option: #undef BAILOUT in servers/slapd/add.c
>>>and you get the desired behavior.  It can be easily turned
>> I have done that (#undef BAILOUT) for the moment. However we
>> would prefer to use an unmodified OpenLDAP tree where possible...
>I'm in favour of having both behaviors in the main tree, with
>a preference for the BAILOUT case
>>>into a config option, but I'd consider it confusing and
>>>misleading.  Maybe it could be part of the "schemacheck off"
>> How about an undocumented option? :-)
>I'd prefer documented options.  Since I understand
>there may be need for this "soft" case, and since this would
>harmonize with the behavior of existing implementations,
>I would not oppose a config option, with default to BAILOUT,
>of course.
>Pierangelo Masarati