[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5556) ldapadd/slapadd create objects without RDN

To: openldap-its@OpenLDAP.org
Subject: (ITS#5556) ldapadd/slapadd create objects without RDN
From: joshua@itsecureadmin.com
Date: Fri, 13 Jun 2008 16:34:39 GMT

Full_Name: Josh Miller
Version: 2.4.10
OS: CentOS 5.1
URL: http://itsecureadmin.com/uid-test.txt
Submission from: (NULL) (65.249.25.3)


When adding an object with slapadd or ldapadd, it is possible to create an
object which does not have an RDN, and therefore not searchable by RDN.

Example data:

dn: uid=nouiduser,ou=People,dc=openldap,dc=example,dc=com
objectClass: mailAccount
maildrop: nouiduser@nest.tld
mailid: nouiduser@nest.tld
maildir: nouiduser/
userPassword:: e2NyeXB0fSQxJERCQS5wdmZYJHU0eFp3TndSRDIwSDFkTDBrNmZMRi4=
mailquota: 35969216S

The above LDIF is added to the directory without any errors and is then missing
the uid attribute.  ldapsearch will not return any results when filtering on
uid, ie:

$ ldapsearch -xZZH ldap://server uid=nouiduser

- Expected result - return the object.
- Actual result - no object returned.
- Workaround - use ldapmodify to add the uid attribute.

Please see the attached URL for complete event details (add/search/modify).

Prev by Date: (ITS#5555) authzTo ACL check for wrong principal
Next by Date: (ITS#5557) memory leak in ACL sets
Index(es):
- Chronological
- Thread