[Date Prev][Date Next] [Chronological] [Thread] [Top]

assert control <draft-zeilenga-ldap-assert>& add

I'm trying to use the "assert" control <draft-zeilenga-ldap-assert> to
selectively add entries based on a filter on entryDN.  It works almost
always as expected; however, when I try, for example, to add an entry
"cn=Foo" that already exists, and the assertion states
"(!(entryDN:dnSubtreeMatch:=cn=Foo))", according to the specification
I'd expect assertion occurs based on the entry that I'm adding, while
slapd doesn't even get to checking the "assert" because it first finds
that the entry exist and returns 68.  Similar behavior occurs if the
parent does not exist (32 is returned), or the database is shadow (10 is
returned).  My interpretation of the I.D.:

  When the control is attached to an LDAP request, the processing of the
  request is conditional on the evaluation of the Filter as applied
  against the target of the operation.  If the Filter evaluates to TRUE,
  then the request is processed normally.  If the Filter evaluates to
  FALSE or Undefined, then assertionFailed (IANA-ASSIGNED-CODE)
  resultCode is returned and no further processing is performed.

in this case would be the opposite: for ADD all the info is available
without even accessing the database, so discovering if the entry already
exists or the parent does not exist yet is part of the "processing",
which is conditioned to the "evaluation of the Filter".  So the
assertion should be evaluated __before__ trying to access the datum.  Or
am I missing something?


Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it