[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8845) Cannot preserve existing controls with new extended operations
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8845) Cannot preserve existing controls with new extended operations
- From: hyc@symas.com
- Date: Tue, 08 May 2018 16:09:12 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
ondra@mistotebe.net wrote:
> On Fri, May 04, 2018 at 09:21:59PM +0000, quanah@openldap.org wrote:
>> As noted in the OpenLDAP source
>> (http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=servers/slapd/controls.c;hb=refs/heads/OPENLDAP_REL_ENG_2_4#l323)
>> there is an issue with controls being reset with a new extended operation. This
>> is problematic for a proxy auth mechanism being developed, as it needs to have
>> the controls preserved while passing an extended op to slapd.
>>
>> A possibility would be to re-register the control, adding the corresponding
>> extended operations, but the parsing function resets them so this unfortunately
>> is not an option.
>
> The issue is actually allowing existing controls to be used with newly
> registered exops, since the only way to declare the compatibility would
> be by re-registering the control. Problem there is that built-in
> controls have everything static to controls.c, so it's not even possible
> to do that.
>
> A solution would be to add another piece of API that receives a pair of
> (control OID, exop OID), finds the control and adds the OID to the
> sc_extendedops(bv) lists.
>
> Going to do just that (register_control_exop() a decent name?).
Makes sense.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/