[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6000) slapadd allows to add entry with empty DN

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6000) slapadd allows to add entry with empty DN
From: quanah@zimbra.com
Date: Thu, 5 Mar 2009 17:09:19 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

--On Thursday, March 05, 2009 4:58 PM +0000 ando@sys-net.it wrote:

> Full_Name: Pierangelo Masarati
> Version: HEAD/re24
> OS: irrelevant
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (81.72.89.40)
> Submitted by: ando
>
>
> When slapd is configured to host a database with empty suffix (""), an
> entry with empty DN can be slapadd'ed, but not ldapadd'ed.  I believe the
> latter behavior is appropriate, while the former should be denied.

I disagree.  When you configure a database with "", and you slapcat it, it 
generates the empty suffix entry, which is used to store the contextCSN for 
replication.  You *must* be able to export it and reload it for 
sync-replication.  For example, from slapcat:

dn:
objectClass: glue
structuralObjectClass: glue
contextCSN: 20060825091501Z#000000#00#000000
entryCSN: 20060825091501Z#000000#00#000000
modifiersName: uid=zimbra,cn=admins,cn=zimbra
modifyTimestamp: 20060825091501Z
entryUUID: 956a60ba-c8a6-102a-86ac-5d3a048562c0
creatorsName: uid=zimbra,cn=admins,cn=zimbra
createTimestamp: 20060825165749Z


--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: Re: (ITS#6000) slapadd allows to add entry with empty DN
Next by Date: Re: (ITS#6000) slapadd allows to add entry with empty DN
Index(es):
- Chronological
- Thread