[Date Prev][Date Next]
Re: (ITS#5927) assertion error when using pcache
Michael Ströder wrote:
> email@example.com wrote:
>> As an alternative, I suggest modifying slapd/ad.c to treat "=" the same as "-"
>> in an option definition. Then simply adding
>> attributeoption range=
>> to slapd.conf will allow the values to be recognized. (With the constraint
>> that '=' must be the final character in the option definition...)
>> Let the client decide if they want to go thru the trouble of retrieving all
>> the values or not. Certainly, for slapd to do it implicitly will overburden
>> the (pathetically broken) AD server (otherwise they wouldn't need to break the
>> value up into ranges in the first place). Indeed, doing this implicitly would
>> amount to a DOS attack on the AD server.
> I strongly agree with Howard here. The work-around for "=" seems enough.
> If someone really writes an app which needs the range feature it should
> access AD directly.
This is now changed in HEAD. If an attributeoption is configured that ends
with '=' then MSAD compatibility is enabled, otherwise '=' is rejected as usual.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/