[Date Prev][Date Next]
Re: Problem with overlay uniqe
>> Ruud Baart wrote:
>>> I use slapd 2.4.23 (debian package) with some overlays: syncprov, unique
>>> valsort. I have a problem with the unique overlay.
>>> This is the unique constraint:
>> This is not a valid LDAP URL. Probably this should be this LDAP URL with
>> emtpy hostport part:
>> See http://www.ietf.org/rfc/rfc4516.txt for syntax of LDAP URLs.
> Good catch; please note that the original URI was valid, but it meant
> $ ./libraries/libldap/urltest
> generic LDAP url
> PROTO: ldap
> HOST: ou=Workstations,ou=Devices,dc=example,dc=com
> PORT: 389
> SCOPE: sub
> URL: ldap://ou=Workstations,ou=Devices,dc=example,dc=com:389/?uid?sub
Academic nitpicking mode on: ;-)
No matter what OpenLDAP's (and python-ldap's) LDAP URL parser let pass through
because of ldapi URLs I don't think that the original URI was valid because a
DN is not a valid host [COLON port] part.
See section 2. of RFC 4516:
ldapurl = scheme COLON SLASH SLASH [host [COLON port]]
[SLASH dn [QUESTION [attributes]
[QUESTION [scope] [QUESTION [filter]
; <host> and <port> are defined
; in Sections 3.2.2 and 3.2.3
; of [RFC3986].
> This error would have been caught if unique_new_domain_uri() checked that
> the host portion be empty, to indicate a local URI, as in many other
> functionalities of OpenLDAP's slapd. I suggest an ITS be filed to
> strengthen misconfiguration detection.
My ITS will be ignored anyway. So better you should file one.