[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8574) bconfig support for DNs that need escaping

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8574) bconfig support for DNs that need escaping
From: okuznik@symas.com
Date: Wed, 22 Feb 2017 18:34:36 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

On Wed, Feb 22, 2017 at 05:42:39PM +0000, Howard Chu wrote:
> okuznik@symas.com wrote:
>> When an rdn under cn=config needs escaping, incorrect value gets passed to the
>> attribute and, if the attribute is single-value, the entry is rejected by
>> entry_naming_check().
>> 
>> Patch against master is attached.
> 
> Why are you running the normalizer in a for-loop:
> 
> + for ( cnt = 0; rDN[cnt]; cnt++ ) {
> 
> but always setting value #0?
> 
> +		free( a->a_vals[0].bv_val );
> +		ber_dupbv( &a->a_vals[0], &ava->la_value );
> 
> If the RDN is actually a compound with multiple AVAs you need to concatenate
> them into a single value. Otherwise, if you don't intend to support compound
> RDNs, there's no point in using a for-loop. Just return an error if there's
> more than one AVA.

While X-ORDERED 'SIBLINGS' are required to the single-valued in the
draft and back-config doesn't actually use multi-valued rDNs, it might
break if the latter ever changes. An updated fix is here:

ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170222-Deal-with-rDN-correctly.patch

This will still pick the value if the rDN is multi-valued, this time
regardless of the attribute's position in the rDN.

Ondrej

Prev by Date: Re: (ITS#8485) [PATCH] Adding support for encrypted server private keys
Next by Date: Re: (ITS#8574) bconfig support for DNs that need escaping
Index(es):
- Chronological
- Thread