[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5862) Assert control ignored on non-database entries
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#5862) Assert control ignored on non-database entries
- From: hyc@symas.com
- Date: Thu, 30 Dec 2010 16:22:35 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: HEAD
> OS: Linux
> URL:
> Submission from: (NULL) (129.240.6.233)
> Submitted by: hallvard
>
>
> slapd does not apply the Assert control to non-database entries
> (at least the root and subschema entries), yet does not reject
> a critical control either.
>
> I have not explored the magnitutde of the problem: Where the
> control can get ignored, and which other controls are ignored.
>
> $ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b "" -s base
> dn:
> objectClass: top
> objectClass: OpenLDAProotDSE
>
> $ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b cn=subschema -s base
> dn: cn=Subschema
> objectClass: top
> objectClass: subentry
> objectClass: subschema
> objectClass: extensibleObject
> cn: Subschema
>
>
> -b "" -s sub does apply the control with database bdb + suffix "".
> Don't know about back-sql.
> However I imagine it varies how careful backends "" are about generating
> the root DSE when suffix == "" so controls can be applied to it. Might
> need a backend flag which says whether the backend does this, and reject
> the critical controls with unwillingToPerform if this flag is not set.
With ITS#6753 I've centralized Compare processing into the frontend, so the
Assert control is now processed for non-database entries with this op. Someone
should take a look and see what other operations we need to worry about.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/