[Date Prev][Date Next]
(ITS#3876) normalization of generated credentials when using ldapi
Full_Name: Pierangelo Masarati
Submission from: (NULL) (22.214.171.124)
Submitted by: ando
In daemon.c, when using ldapi, the identity of the peer was being set to
whithout normalizing it thru the dnNormalize routine; however, slapd would have
normalized it this way
note the differences in the order and case of the AVAs.
I suggest the latter normalized form is used, to avoid some inconsistencies e.g.
in ACLs and in authz-regexp rules (note that a direct comparison between the
generated and a normalized value would be impossible).
I've patched HEAD to produce the new, consistent behavior; I realize this is
going to break many existing configurations, so it would'nt be acceptable,
unless we consider that 2.3 is only close to its second release as general use.
Please backout if unacceptable, or suggest the appropriate means for advertizing
the change (other than searching the ITS).