[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5927) assertion error when using pcache

Michael Ströder wrote:
> hyc@symas.com wrote:
>> As an alternative, I suggest modifying slapd/ad.c to treat "=" the same as "-"
>> in an option definition. Then simply adding
>> 	attributeoption range=
>> to slapd.conf will allow the values to be recognized. (With the constraint
>> that '=' must be the final character in the option definition...)
>> Let the client decide if they want to go thru the trouble of retrieving all
>> the values or not. Certainly, for slapd to do it implicitly will overburden
>> the (pathetically broken) AD server (otherwise they wouldn't need to break the
>> value up into ranges in the first place). Indeed, doing this implicitly would
>> amount to a DOS attack on the AD server.
> I strongly agree with Howard here. The work-around for "=" seems enough.
> If someone really writes an app which needs the range feature it should
> access AD directly.


This is now changed in HEAD. If an attributeoption is configured that ends 
with '=' then MSAD compatibility is enabled, otherwise '=' is rejected as usual.
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/