[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4037) syntax error in objectclass definition not caught

> Full_Name: Yann Dirson
> Version: 2.2.13 (rhel4 2.2.13-2)
> OS: rhel 4
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> When an objectclass definition has an extraneous closing paren, causing
> the
> definition to end prematurely, the following statements, which were
> intended to
> be part of the definition, do not cause any error.  Here is a sample one:
> objectclass ( 1.1.1 NAME 'projectaccount'
> 	MUST ( projectgroup ) )
> slaptest reports no error here.  If I suppress the extraneous parent
> before the
> MUST clause, then slaptest complains about the projectgroup attribute not
> being
> defined, as expected.
> It is an important issue, since one may think to have a strict schema,
> ensuring
> the occurence of certain attributes, whereas openldap will happilly let
> objects
> in, which do not respect the intended schema.  Indeed, I noticed the issue
> while
> I wondered why my knowingly-incomplete objects were accepted by slapadd...

[my original message might have gotten lost]

There is very little we can do in 2.2 to fix the behavior of the parser. 
In 2.3, parsing is much stricter, in that it typically checks for __all__
args and hollers if the count is incorrect (the final answer, on variable
arg number statements, is on each specific configuration handling routine,
though).  Sooner or later, the SLAPD_CONF_UNKNOWN_BAILOUT macro will be
defined in release code; after that, inconsistencies in configuration will
not just be logged as warnings, but will cause slapd to abort.  In the
meanwhile, you need to upgrade to 2.3 and switch that on manually.  It is
very unlikely that 2.2 ever gets touched in this area.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497