[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/servers/slapd entry.c

Hallvard B Furuseth wrote:
> ando@OpenLDAP.org writes:
>>       Tag: OPENLDAP_REL_ENG_2_3
>> 	entry.c ->
>> import fix to ITS#5071
> This (/* require ';binary' when appropriate (ITS#5071) */) is a
> functionality change which can prevent people from upgrading.
> I don't think that belongs so late in RE23's life cycle.

You can't load a certificate without ';binary' using ldapadd/ldapmodify;
this fix makes slapadd consistent with LDAP operations, so I don't think
it's going to break things that much.

Given that without this if you add certificates without ';binary' you
won't be able to search with "(userCertificate;binary=*)", nor to get
them back by requesting "userCertificate;binary", I believe late or not
the pros overcome any cons.

But, of course, I'll be happy to back it up if there's no consensus (I
just gave it for granted).


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it