Re: DN with semicolon does not work

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

I think what we really need to do is to make sure that
        DN_SEPARATOR()
        NDN_SEPARATOR()
are only called with normalized DNs.  Once that is done, then
the difference between these macros is moot.

I don't think a semi should appear in either a pretty nor a normalized
DN.  And if truely an arbitrary DN string, then neither macro is safe
to use.

Maybe we need to add
        assert( (c) != ';' )
in a few places to figure out how ';' are getting through to
{N}DN_SEPARATOR calls.

Kurt

At 05:12 PM 5/6/2004, Pierangelo Masarati wrote:

>> That's what I mean with "naive"; the DN_SEPARATOR() macro was probably
>> intended as a generic macro and not to be used for that purpose.  I
>> suggest properly escaped semicolons to be left in "pretty" form; it is
>> guaranteed that a normalized DN will only use commas as rdn separators.
>> The ndn exploration in back-bdb should be done with LDAP_DN_RDN_SEP() as
>> defined in libraries/libldap/getdn.c (moved to an appropriate header as
>> well as those macros that should not be deemed private) instead of
>> DN_SEPARATOR() as defined in slap.h, which is inappropriate for a
>> normalized DN.
>
>I temporarily fixed the problem in HEAD; a more complete fix would require
>moving DN parsing macros from libraries/libldap/getdn.c to a header, and
>replace those macros in servers/slapd/slap.h that are duplicate.
>
>I also note that the smae problem may potentially occur in all places
>where slapd uses the DN_SEPARATOR() macro (e.g. in ACLs, in limits, in
>backend selection and more) so I modified that code as well, and I'm about
>to commit this.
>
>p.
>
>-- 
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it
>
>
>
>
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497