[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: able to add an entry without parent

To: Jonghyuk Choi <jongchoi@us.ibm.com>
Subject: Re: able to add an entry without parent
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 10 Sep 2003 14:48:01 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <OFC2D7359E.F79B5A1E-ON85256D9D.0069F4FF-85256D9D.006B3E21@ us.ibm.com>

I think the !be-is_root() check should be removed.
The server should, within a naming context, ensure
that each entry has a parent.  The parent-less
add should only be allowed (subject to access controls)
when the entry is the context prefix (or, as a special
case, when the entry DN has only one RDN and the
context prefix is the empty DN).

Kurt

At 12:32 PM 9/10/2003, Jonghyuk Choi wrote:

>The addition of an entry that does not have parent is 
>permitted when adding as the rootdn. 
>(back-bdb/add.c:287  back-ldbm/add.c:240) 
>RFC2251 says the parent MUST exist and hence 
>it seems that !be_is_root() checking should be removed. 
>Does anyone know of reasons not to remove this ? 
>- Jong 
>
>------------------------
>Jong Hyuk Choi
>IBM Thomas J. Watson Research Center - Enterprise Linux Group
>P. O. Box 218, Yorktown Heights, NY 10598
>email: jongchoi@us.ibm.com
>(phone) 914-945-3979    (fax) 914-945-4425   TL: 862-3979

Prev by Date: able to add an entry without parent
Next by Date: RE: able to add an entry without parent
Index(es):
- Chronological
- Thread