[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: unique contraint bypassed by java modify (and correctly enforced by pytho/ldapmodify)
- To: openldap-technical@openldap.org
- Subject: Re: unique contraint bypassed by java modify (and correctly enforced by pytho/ldapmodify)
- From: Alessandro Dentella <sandro@e-den.it>
- Date: Fri, 25 Sep 2015 09:51:59 +0200
- Content-disposition: inline
- In-reply-to: <3C6158706E9B7BA5AFF5E99D@[192.168.1.9]>
- Mail-followup-to: openldap-technical@openldap.org
- References: <20150923230824.GA3015@localhost> <3C6158706E9B7BA5AFF5E99D@[192.168.1.9]>
- User-agent: Mutt/1.5.21 (2010-09-15)
On Thu, Sep 24, 2015 at 04:34:13PM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, September 24, 2015 2:08 AM +0200 Alessandro Dentella
> <sandro@e-den.it> wrote:
>
> >
> >Hi,
> >
> >i have been stryggling with a unique contraint that i being
> >constrantly bypassed by a java script.
> >
> >I setup the ldap server and unique layer and I virified that the
> >uniquened on a field is correctly enforce using ldapmodify, ldapvi,
> >python and one more widget tool.
> >
> >There is a java program I have not written (I don't know java) that
> >constantly bypasses the constraint and I can't really understand how
> >it can. It seems to perform the same operation I do: given an
> >existing item, change mail field.
> >
> >What can it be that is different from one and the other situation?
> >All programs connect with simple authentication + tls.
> >
> >Thanks for any possible hints
> >
> >sandro
> >*:-)
> >
> >PS: I thought to bypass this problem switching to back-sql +
> >PostgreSQL so that I openned up to other problems, subject of a
> >separate email...
>
> experimental, and why would you expect that to solve your issue?
becouse I know that PostgreSQL would never let a duplicate field on a
unique index!
To me if slapo-index let a program to bypass that constraint is at
least buggy and experimental eather.
The java program was written by people ot of my company, and I'm not
really in the position to tell them to change they're code becouse I'm
not able to make a correct index on a field. I'm not really used to
think at unicity is a constraint that can be bypassed...
That said, the author of the java code is collaborative and there is
room for a change if that demonstrates to be the correct solution.
> Why would you use an unsupported backend that's entirely
> experimental
It has been in the openldap repository for years so I thought that was at
least working. In the internet the documentation is verry scarce but
there are people that declare it's working for them
> I'd guess that java is using the manageDSAit control to bypass
> slapo-unique, and your other programs aren't.
Honestly I didn't even know about this possibility. Can I see that from the
logs? They're not currently aware of using it unless is a
default. What check can I ask them to perform?
Is there a way to inhibit this kind of access?
sandro
Thanks in advance