[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8242) constraint overlay gets bypassed for add operations without RDN attribute explicitly listed

To: openldap-its@OpenLDAP.org
Subject: (ITS#8242) constraint overlay gets bypassed for add operations without RDN attribute explicitly listed
From: subbarao@computer.org
Date: Thu, 10 Sep 2015 18:05:30 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Kartik Subbarao
Version: 2.4.41
OS: Ubuntu 14.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (173.75.228.155)


I have the constraint overlay configured to disallow space characters in the uid
attribute. Normally this behaves as expected and rejects attributes with spaces,
such as when I add this LDIF entry with ldapmodify:

dn: uid=test app@example,com,dc=example,dc=com
objectClass: applicationProcess
objectClass: llnwApplication
uid: test app@example.com
cn: test app
description: This is a test

The constraint overlay properly rejects the add operation.

But if I leave out the 'uid' attribute, it bypasses the constraint overlay and
adds the entry:

dn: uid=test app@example,com,dc=example,dc=com
objectClass: applicationProcess
objectClass: llnwApplication
cn: test app
description: This is a test

Looking at the source code, this behavior seems to happen because
constraint_add() loops through the op->ora_e->e_attrs list, which the RDN
attribute is absent from in this case.

Prev by Date: (ITS#8241) assert fail from back-bdb/add failure
Next by Date: Re: (ITS#8240) OpenLDAP ber_get_next denial of service vulnerability
Index(es):
- Chronological
- Thread