[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8574) bconfig support for DNs that need escaping
On Wed, Feb 22, 2017 at 05:42:39PM +0000, Howard Chu wrote:
> okuznik@symas.com wrote:
>> When an rdn under cn=config needs escaping, incorrect value gets passed to the
>> attribute and, if the attribute is single-value, the entry is rejected by
>> entry_naming_check().
>>
>> Patch against master is attached.
>
> Why are you running the normalizer in a for-loop:
>
> + for ( cnt = 0; rDN[cnt]; cnt++ ) {
>
> but always setting value #0?
>
> + free( a->a_vals[0].bv_val );
> + ber_dupbv( &a->a_vals[0], &ava->la_value );
>
> If the RDN is actually a compound with multiple AVAs you need to concatenate
> them into a single value. Otherwise, if you don't intend to support compound
> RDNs, there's no point in using a for-loop. Just return an error if there's
> more than one AVA.
While X-ORDERED 'SIBLINGS' are required to the single-valued in the
draft and back-config doesn't actually use multi-valued rDNs, it might
break if the latter ever changes. An updated fix is here:
ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170222-Deal-with-rDN-correctly.patch
This will still pick the value if the rDN is multi-valued, this time
regardless of the attribute's position in the rDN.
Ondrej