[Date Prev][Date Next]
Re: (ITS#6600) pcache overlay should ignore invalid attributes in search requests
> Full_Name: Jonathan CLARKE
> Version: RE24
> URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-pcache-100723.patch
> Submission from: (NULL) (18.104.22.168)
> While checking it's configuration, the pcache overlay verifies each
> attribute set (pcacheAttrset), to ensure that all attributes in the set
> defined, via slap_str2ad. Given an attribute set with a non-existant
> an error is logged and slapd refuses to start (as expected):
> line 117 (pcacheAttrset 0 nonexistantAttr)
> /etc/ldap/slapd.conf: line 117: attribute type undefined.
> However, when a search request comes in, the requested attributes list is
> checked by the pcache overlay to ensure that attributes are properly
> defined. In
> effect, slapd just ignores the non-existant attributes, and returns other
> attributes (or behaves as if 1.1 was requested if all requested attributes
> This causes pcache's attribute set matching to fail for some requests,
> since it
> counts invalid attributes. If it were to ignore them, configured attribute
> might match, and successfully cache the search. The patch above implements
> behaviour. Would you consider it for inclusion in OpenLDAP?
> I realize this may be considered "repairing bad requests", but sometimes
> can't (easily) control what clients are requesting. Furthermore, it seems
> make sense to have matching behavior all over (since slapd ignores invalid
> requested attributes, pcache should too, IMHO).
Yours looks like a good catch; however, your patch looks a bit like an
overkill, since the an_desc field of the attribute list that is passed to
get_attr_set() should already be set if the attribute was recognized by
slapd, so you don't need to go through slap_bv2ad() once more.