Re: (ITS#4979) Bad response when requesting bad attributes
Hallvard B Furuseth wrote:
>>ldapsearch -h localhost -p 10389 -D "uid=Admin,ou=system" -w secret -b
>>"dc=example,dc=com" -s sub "(objectClass=*)" person
>>will return all entries attributes, as if the 'person' was substituted
>That is what RFC 4511 says. Section 4.5.1.8 (SearchRequest.attributes):
> "If an attribute description in the list is not recognized, it is
> ignored by the server."
>Ignoring "person" yields an empty list, which works like a "*".
>I'm guessing that's not what it was intended to say though. RFC 1777
>(LDAPv2) did not have it, so 'person' would work like '1.1' does now.
Well, RFC 4511 just states that if the attribute is unknown, then it is
ignored, but says nothing about using '1.1' or '*'.
Ignoring the only attributes given by the user and substituting a '*' for
them is a violation of user intent, IMHO (even if this user was wrong when
selecting the attribute).
The RFC 4511 authors didn't think of such a case, I guess ;)
Anyway, OpenLDAP behaves differently if the attribute is unknown (9.9.9)
and when it is known by the server (at least, the OID is known, even if
it's not an attribute object), when it should always return the same
result: either '*' or '1.1'. This is not the case, and it's not
consistent, whatever RFC 4511 says - or omits to say :) -.
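
Added example (not part of the original message and not OpenLDAP code): a toy model of the RFC 4511 SearchRequest.attributes rules, showing both outcomes debated above when the list contains only an unrecognized name such as 'person'. The schema, the entry, and the names `select`, `unrecognized` and `if_all_ignored` are constructed for illustration; operational attributes are not modelled.

```python
# Toy model of LDAP attribute selection (added illustration, not OpenLDAP code).
# Operational attributes are not modelled; schema and entry are constructed.
KNOWN_ATTRS = {"cn", "sn", "objectclass", "userpassword"}
ENTRY = {
    "objectClass": ["person"],
    "cn": ["Alice Example"],
    "sn": ["Example"],
    "userPassword": ["{SSHA}constructed-placeholder"],
}


def unrecognized(requested):
    """Names a client should fix before sending: not '*', not '1.1', not in the schema."""
    return [a for a in requested
            if a not in ("*", "1.1") and a.lower() not in KNOWN_ATTRS]


def select(entry, requested, if_all_ignored="all"):
    """Return the attributes of `entry` chosen by the `requested` list.

    if_all_ignored decides what happens when every name was ignored:
      "all"  - the reading quoted in the thread (empty list acts like '*')
      "none" - the reading argued for in the reply (act like '1.1')
    """
    wanted = [a.lower() for a in requested]
    if not wanted or "*" in wanted:
        return dict(entry)              # empty list or '*': all user attributes
    if wanted == ["1.1"]:
        return {}                       # only '1.1': no attributes
    # Unrecognized names are ignored; '1.1' mixed with other names is ignored too.
    recognized = {a for a in wanted if a in KNOWN_ATTRS}
    if not recognized:
        return dict(entry) if if_all_ignored == "all" else {}
    return {k: v for k, v in entry.items() if k.lower() in recognized}


if __name__ == "__main__":
    for req in (["person"], ["cn", "person"], ["1.1"], []):
        print(req, "->", sorted(select(ENTRY, req)),
              "| strict:", sorted(select(ENTRY, req, "none")),
              "| unrecognized:", unrecognized(req))
```

Under the "all" reading, a request for only `person` returns every user attribute of the entry, including `userPassword` where access control permits it, so a client that wants a narrow result should check its attribute names against the schema first.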