[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6600) pcache overlay should ignore invalid attributes in search requests

To: openldap-its@OpenLDAP.org
Subject: (ITS#6600) pcache overlay should ignore invalid attributes in search requests
From: jonathan@phillipoux.net
Date: Fri, 23 Jul 2010 15:24:35 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Jonathan CLARKE
Version: RE24
OS: 
URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-pcache-100723.patch
Submission from: (NULL) (80.13.86.63)


While checking it's configuration, the pcache overlay verifies each configured
attribute set (pcacheAttrset), to ensure that all attributes in the set are
defined, via slap_str2ad. Given an attribute set with a non-existant attribute,
an error is logged and slapd refuses to start (as expected):

line 117 (pcacheAttrset   0   nonexistantAttr)
/etc/ldap/slapd.conf: line 117: attribute type undefined.

However, when a search request comes in, the requested attributes list is not
checked by the pcache overlay to ensure that attributes are properly defined. In
effect, slapd just ignores the non-existant attributes, and returns other
attributes (or behaves as if 1.1 was requested if all requested attributes are
invalid).

This causes pcache's attribute set matching to fail for some requests, since it
counts invalid attributes. If it were to ignore them, configured attribute sets
might match, and successfully cache the search. The patch above implements this
behaviour. Would you consider it for inclusion in OpenLDAP?

I realize this may be considered "repairing bad requests", but sometimes one
can't (easily) control what clients are requesting. Furthermore, it seems to
make sense to have matching behavior all over (since slapd ignores invalid
requested attributes, pcache should too, IMHO).

Prev by Date: (ITS#6599) slapd not responding
Next by Date: Re: (ITS#6534) bad ifdef/elif clause in liblutil
Index(es):
- Chronological
- Thread