[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8574) bconfig support for DNs that need escaping

On Wed, Feb 22, 2017 at 05:42:39PM +0000, Howard Chu wrote:
> okuznik@symas.com wrote:
>> When an rdn under cn=config needs escaping, incorrect value gets passed to the
>> attribute and, if the attribute is single-value, the entry is rejected by
>> entry_naming_check().
>> Patch against master is attached.
> Why are you running the normalizer in a for-loop:
> + for ( cnt = 0; rDN[cnt]; cnt++ ) {
> but always setting value #0?
> +		free( a->a_vals[0].bv_val );
> +		ber_dupbv( &a->a_vals[0], &ava->la_value );
> If the RDN is actually a compound with multiple AVAs you need to concatenate
> them into a single value. Otherwise, if you don't intend to support compound
> RDNs, there's no point in using a for-loop. Just return an error if there's
> more than one AVA.

While X-ORDERED 'SIBLINGS' are required to the single-valued in the
draft and back-config doesn't actually use multi-valued rDNs, it might
break if the latter ever changes. An updated fix is here:


This will still pick the value if the rDN is multi-valued, this time
regardless of the attribute's position in the rDN.