
Re: Bug- Enforcing validation when validator is NULL

Thanks, Pierangelo and Harpreet, for your reply.

As you suggested, as per the latest RFC specification, it is a good idea, for those attributes that don't have validators or where the validators are all NULL, to remove those attributes from *.schema files and those syntaxes from the hardcoded code files.

So, any idea in which OpenLDAP release those attributes will be removed from the schema and hardcoded code?


But currently, since these attributes are defined and hardcoded in the OpenLDAP code,

the problem is I can't re-define it in a custom schema with exactly the same name, "protocol information", as the OpenLDAP service will not start.

I have to define it as protocol informationXXX or something different to make it work,

but then it will break the schema for our product, which we also use for other LDAP servers.


Also, I am thinking there is another solution to this bug. In the OpenLDAP code, in the files /servers/slapd/modify.c and entry.C, if all the validators are NULL then it should skip the validation check and the throwing of the error "no validator for syntax". In that way OpenLDAP will allow modifying/adding values for those attributes having all NULL validators without enforcing validation.


        if ( ATLEAST ONE VALIDATOR PRESENT )  // pseudo code
        if( !pretty && !validate ) {
                *text = "no validator for syntax";
                snprintf( textbuf, textlen,
                        "%s: no validator for syntax %s",
                        ad->ad_type->sat_syntax->ssyn_oid );
                *text = textbuf;
                return LDAP_INVALID_SYNTAX;


Thanks and Regards

Message: 19
Date: Mon, 29 Sep 2008 20:25:14 +0200
From: Pierangelo Masarati
Subject: Re: Bug- Enforcing validation when validator is NULL
To: Prashant kulkarni

Prashant kulkarni wrote:

> When I am trying to add/edit the value to the attribute "protocol
> information" which is required in our schema I am getting the error
> Invalid syntax :protocol information: no validator for syntax
> from the earlier mailing list I have found The problem seems to be lack of
> validations in the schema_init.c source code for attribute 'Protocol
> Information'
> this attribute protocolInformation is defined in core.schema
>  {"( DESC 'Protocol Information' )",
>   0, NULL, NULL, NULL},

This syntax has been removed from RFC 2252 when revised in RFC 4517, as
explicitly indicated in notes 21 and 28 to Appendix B of the latter.
This is because, although mentioned in RFC 2252, those syntaxes were not
defined, thus posing interoperability problems.  I believe OpenLDAP
should move one step forward toward RFC 451* compliance by removing
(actually, marking as OBSOLETE) those attributes from *.schema files and
those syntaxes from hardcoded ones.

> including values like dnPretty, UTF8StringValidate, etc. in the code instead
> of NULL values will resolve my problem, but then that require the custom
> build and I have to do for all the attributes where validation is defined as

Not entirely true: you could implement a run-time module that looks up
those syntaxes and modifies the appropriate pointers right after
initialization.  Unless there are significant changes in the related slapd
structures or API, your module would seamlessly breeze through minor and
even major releases.

Furthermore, if those syntaxes are removed from the hardcoded ones, you
could define them via a custom schema file using the X-SUBST feature
(ITS#5663) recently introduced in HEAD code.  It allows one to provide a
substitute syntax for unimplemented ones.

> I personally feel that for those attributes where validation are NULL in
> schema_init.c and other schema files, the openLDAP should not force the
> validation and give this error message, as all these attributes in which
> validation are not defined becomes unusable .
> In Tivoli/Sun and Microsoft Active directory LDAP validation is not enforced
> where validation is defined as NULL hence I am not getting these kind of
> error in Tivoli/Sun and Microsoft Active directory for editing of this
> attribute .
> So any idea how to resolve this? Is there any way to modify any of the
> config files in OpenLDAP to disable this validation for protocol information?
> Do I have to raise a bug request for the same, and is this going to be fixed in
> the next OpenLDAP release?
> Any help and suggestions in this direction are highly appreciated.

I personally believe the absence of a validator for those syntaxes is
the safest thing OpenLDAP can do to prevent further interoperability
issues.  The workaround illustrated above should allow you to circumvent
your problem without too much harm.  Of course, that's my personal
opinion, which might differ from that of the OpenLDAP project.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
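
Added example, not part of the thread and not OpenLDAP source: a small C model of the three behaviours discussed above, namely rejecting a value when a syntax has no validator, falling back to a substitute syntax's validator (the idea behind X-SUBST), and the proposed skip-when-NULL check. The struct layout, the function names and the printable-ASCII stand-in validator are assumptions made for illustration.

```c
#include <stddef.h>

#define OK             0
#define INVALID_SYNTAX 21  /* numeric value of LDAP_INVALID_SYNTAX */

typedef int (*validate_fn)(const char *val);

struct syntax {                  /* hypothetical layout, not slapd's Syntax struct */
    const char *desc;
    validate_fn validate;        /* NULL: syntax is declared but unimplemented */
    const struct syntax *subst;  /* substitute syntax, modelling X-SUBST */
};

/* Stand-in validator: non-empty, printable ASCII only. */
static int printable_validate(const char *v)
{
    if (*v == '\0') return INVALID_SYNTAX;
    for (; *v; v++)
        if ((unsigned char)*v < 0x20 || (unsigned char)*v > 0x7e) return INVALID_SYNTAX;
    return OK;
}

static const struct syntax printable   = { "Printable (stand-in)", printable_validate, NULL };
static const struct syntax proto_bare  = { "Protocol Information", NULL, NULL };
static const struct syntax proto_subst = { "Protocol Information", NULL, &printable };

/* Fail closed: a value is accepted only if some validator actually ran on it. */
int check_value(const struct syntax *syn, const char *val, const char **text)
{
    validate_fn fn = syn->validate;
    if (fn == NULL && syn->subst != NULL) fn = syn->subst->validate;
    *text = NULL;
    if (fn == NULL) { *text = "no validator for syntax"; return INVALID_SYNTAX; }
    if (fn(val) != OK) { *text = "value rejected by validator"; return INVALID_SYNTAX; }
    return OK;
}

/* Fail open, as the message proposes: a missing validator means no check at all. */
int check_value_skip(const struct syntax *syn, const char *val)
{
    return syn->validate ? syn->validate(val) : OK;
}

int main(void)
{
    const char *text;
    const char *sample = "bad\x01value";  /* constructed value with a control byte */
    int closed = check_value(&proto_bare, sample, &text);   /* rejected: no validator */
    int subst  = check_value(&proto_subst, sample, &text);  /* rejected: validator ran */
    int open   = check_value_skip(&proto_bare, sample);     /* stored unchecked */
    return (closed == INVALID_SYNTAX && subst == INVALID_SYNTAX && open == OK) ? 0 : 1;
}
```

With the skip-when-NULL variant, the control-byte value is stored without any check, while the substitute-syntax path keeps the attribute usable and still validates every value.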