[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#8242) constraint overlay gets bypassed for add operations without RDN attribute explicitly listed
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#8242) constraint overlay gets bypassed for add operations without RDN attribute explicitly listed
- From: subbarao@computer.org
- Date: Thu, 10 Sep 2015 18:05:30 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Kartik Subbarao
Version: 2.4.41
OS: Ubuntu 14.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (173.75.228.155)
I have the constraint overlay configured to disallow space characters in the uid
attribute. Normally this behaves as expected and rejects attributes with spaces,
such as when I add this LDIF entry with ldapmodify:
dn: uid=test app@example,com,dc=example,dc=com
objectClass: applicationProcess
objectClass: llnwApplication
uid: test app@example.com
cn: test app
description: This is a test
The constraint overlay properly rejects the add operation.
But if I leave out the 'uid' attribute, it bypasses the constraint overlay and
adds the entry:
dn: uid=test app@example,com,dc=example,dc=com
objectClass: applicationProcess
objectClass: llnwApplication
cn: test app
description: This is a test
Looking at the source code, this behavior seems to happen because
constraint_add() loops through the op->ora_e->e_attrs list, which the RDN
attribute is absent from in this case.