[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3876) normalization of generated credentials when using ldapi

Full_Name: Pierangelo Masarati
Version: HEAD
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (
Submitted by: ando

In daemon.c, when using ldapi, the identity of the peer was being set to


whithout normalizing it thru the dnNormalize routine; however, slapd would have
normalized it this way


note the differences in the order and case of the AVAs.

I suggest the latter normalized form is used, to avoid some inconsistencies e.g.
in ACLs and in authz-regexp rules (note that a direct comparison between the
generated and a normalized value would be impossible).

I've patched HEAD to produce the new, consistent behavior; I realize this is
going to break many existing configurations, so it would'nt be acceptable,
unless we consider that 2.3 is only close to its second release as general use.

Please backout if unacceptable, or suggest the appropriate means for advertizing
the change (other than searching the ITS).