[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5751) undefined value in slapo-constraint with bad filter

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5751) undefined value in slapo-constraint with bad filter
From: michael@stroeder.com
Date: Sun, 19 Oct 2008 12:56:56 GMT

hyc@symas.com wrote:
> h.b.furuseth@usit.uio.no wrote:
>> Full_Name: Hallvard B Furuseth
>> Version: HEAD, RE24
>> OS:
>> URL:
>> Submission from: (NULL) (129.240.6.233)
>> Submitted by: hallvard
>>
>>
>> overlays/constraint.c:constraint_violation() uses and maybe returns an
>> undefined value in 'rc' if the filter is bad (nop.ors_filter == NULL).
>>
>> I have no idea what rc should be in this case.
>>
>> Introduced in constraint.c 1.18 (OpenLDAP 2.4.12).
> 
> Probably should just set rc=LDAP_SUCCESS in this case. The constraint is 
> invalid, so it cannot be violated.

Hmm, I'd prefer a strong indication that the constraint is invalid.

If it can be proven that the filter is bad slapo-constraint should
probably stop during startup with an appropriate message. Otherwise
returning constraintViolation would be appropriate either since the LDAP
client fails then and it makes admins search for the cause of it.

Ciao, Michael.

Prev by Date: R: Re: (ITS#5744) Automatically close issues when no feedback is received within a reasonable time
Next by Date: (ITS#5752) ldapadd/ldapmodify do not follow referrals
Index(es):
- Chronological
- Thread