
Re: (ITS#8574) bconfig support for DNs that need escaping



On Wed, Feb 22, 2017 at 06:34:18PM +0000, Ondřej Kuzník wrote:
> On Wed, Feb 22, 2017 at 05:42:39PM +0000, Howard Chu wrote:
>> okuznik@symas.com wrote:
>>> When an rdn under cn=config needs escaping, incorrect value gets passed to the
>>> attribute and, if the attribute is single-value, the entry is rejected by
>>> entry_naming_check().
>>>
>>> Patch against master is attached.
>>
>> Why are you running the normalizer in a for-loop:
>>
>> + for ( cnt =3D 0; rDN[cnt]; cnt++ ) {
>>
>> but always setting value #0?
>>
>> +		free( a->a_vals[0].bv_val );
>> +		ber_dupbv( &a->a_vals[0], &ava->la_value );
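
Review bot: the return value of ber_dupbv() on the second line is not checked, and by then the old a->a_vals[0].bv_val has already been freed, so a failed duplication leaves the attribute without a usable value. Duplicate into a temporary struct berval first, check the result, and only then free the old value and assign the new one.
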
>>
>> If the RDN is actually a compound with multiple AVAs you need to concatenate
>> them into a single value. Otherwise, if you don't intend to support compound
>> RDNs, there's no point in using a for-loop. Just return an error if there's
>> more than one AVA.
>
> While X-ORDERED 'SIBLINGS' are required to be single-valued in the
> draft and back-config doesn't actually use multi-valued rDNs, it might
> break if the latter ever changes. An updated fix is here:
>
> ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170222-Deal-with-rDN-correctly.patch
>
> This will still pick the value if the rDN is multi-valued, this time
> regardless of the attribute's position in the rDN.

As pointed out by Howard, the patch was not against master (although
my git doesn't complain anyway). The following patch is and also tests
that the attribute we were asked to update is actually present in the
rDN provided:

ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170222b-Deal-with-rDN-correctly.patch
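
Added example, not part of the original message or of the patch: a stand-alone C sketch of the behaviour the thread converges on, which is to take the unescaped value of the named attribute wherever it sits in the rDN and fail if that attribute is absent. The function name `rdn_pick_value` and the sample rDNs are hypothetical, libldap is not used, and only backslash escapes are handled (no quoted or `#`-hex values).

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper: copy the unescaped value that attribute `attr` has in
 * the RFC 4514 rDN string `rdn` into `out`. Returns the value length, or -1
 * if the rDN is malformed, `attr` is not in it, or `out` is too small. */
static int rdn_pick_value(const char *rdn, const char *attr,
                          char *out, size_t outlen)
{
    const char *p = rdn;
    size_t alen = strlen(attr);
    while (*p) {
        size_t tlen = strcspn(p, "=+"), n = 0;
        if (tlen == 0 || p[tlen] != '=') return -1;   /* AVA lacks type= */
        int wanted = (tlen == alen && strncasecmp(p, attr, alen) == 0);
        for (p += tlen + 1; *p && *p != '+'; p++) {
            unsigned char c = (unsigned char)*p;
            if (c == '\\') {
                if (isxdigit((unsigned char)p[1]) && isxdigit((unsigned char)p[2])) {
                    char hex[3] = { p[1], p[2], '\0' };   /* \2B style hexpair */
                    c = (unsigned char)strtoul(hex, NULL, 16);
                    p += 2;
                } else if (p[1]) {
                    c = (unsigned char)*++p;              /* \, \+ \\ and friends */
                } else {
                    return -1;                            /* trailing backslash */
                }
            }
            if (wanted) {
                if (n + 1 >= outlen) return -1;
                out[n++] = (char)c;
            }
        }
        if (wanted) { out[n] = '\0'; return (int)n; }
        if (*p == '+' && !*++p) return -1;                /* dangling '+' */
    }
    return -1;   /* attr is not part of this rDN */
}

int main(void)
{
    char buf[64];   /* constructed sample rDN: escaped comma, attr in 2nd AVA */
    if (rdn_pick_value("ou=x+cn=foo\\,bar", "cn", buf, sizeof buf) < 0) return 1;
    printf("cn value: %s\n", buf);
    return 0;
}
```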