[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5861) Assert control on Add request fails

On Dec 20, 2008, at 12:13 PM, ando@sys-net.it wrote:

> h.b.furuseth@usit.uio.no wrote:
>> Full_Name: Hallvard B Furuseth
>> Version: HEAD
>> OS: Linux
>> URL:
>> Submission from: (NULL) (
>> Submitted by: hallvard
>> RFC 4528 says the Assert control is appropriate for Add.


>> Slapd disagrees:

No.  slapd(8) is saying the control is unavailable.  That's quite  
different than saying it is inappropriate.

>> $ ldapadd -xhlocalhost:3890 -e\!assert='(objectClass=organization)'  
>> <test.ldif
>> adding new entry "o=test"
>> ldap_add: Critical extension is unavailable (12)
>>        additional info: critical extension is unavailable
> According to this thread
> <http://www.openldap.org/lists/openldap-software/200512/msg00250.html>
> the author of the assertion control (Kurt :) believes the current
> specification is flawed.  In fact, the assertion control is intended  
> to
> apply to the contents of the DIT.  The entry does not belong to the  
> until the operation is completed, so assertion cannot apply.

Those comments were in respect to the I-D (when it was a work in  

The specification does allow for the control to be attached to Add  
requests.  Though it might seem kind of pointless, a client might do  
it as it is not itself capable of evaluating some assertion.

I would argue that it fine for a server which cannot handle the  
control in this (or other cases) to return  
unavailableCriticalExtension.  The specification certainly doesn't  
require a server to make use of the control in cases where it might be  

This is not to say slapd(8) shouldn't be updated to make use of the  
control when provided with Add requests, just saying it's technically  
okay that it doesn't.