[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Behavior change on overlay sssvlv

To: Howard Chu <hyc@symas.com>
Subject: Re: Behavior change on overlay sssvlv
From: Clément OUDOT <clem.oudot@gmail.com>
Date: Fri, 20 Apr 2012 14:13:38 +0200
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Oe9UgD/yUnAI8ZDHpCEgqD5joFCffvFiveO8VZAH3B4=; b=WRNtr6g8BPeaFH/EGEvKfCE5ATJvNJebnZMkUNjl6hTiMepKxg5jNsG8Ux7/d2Az/c JScREJ19/u6deZE4IAjWvPTRIkJb5qE/L0K8XDFSaf4LuMkhaRIkubDbGdP08TKtpoLk 0EGz8itenpPx8snctJCeX4wcTsuCPqe5UrOpzzVlVMy8r4kmUrGX58A7tGIv4TUwPH2S lPX8/MJrr2U3eZqKaXEc5uSPNFn0gUDWZKotfd6QgtoYxN2BgXiW2EaJmzbE4ldjD42p MrMBiyhcy6U3LAYkRFGlqtmTOo8te6sKCQqmMVpjDOd7xrzC8tzk5LRj27zyoeRYVR2d RM8w==
In-reply-to: <4F9143CF.1070806@symas.com>
References: <CAK_oV4-WEFo7qmuJJ9=Sg_njQh7MOsjzsNEZDZ97vE0djFwurw@mail.gmail.com> <4F9143CF.1070806@symas.com>

Le 20 avril 2012 13:09, Howard Chu <hyc@symas.com> a écrit :
> Clément OUDOT wrote:
>>
>> Hello,
>>
>> I noticed that with OpenLDAP 2.4.30, a search request with a non
>> criticical sss control on an attribute without ordering matching rule
>> returns an error:
>>
>> clement@ader:~/Programmes/openldap$ bin/ldapsearch -H
>> ldap://localhost:3389 -D ou=lsc,ou=accounts,ou=XXX -w secret -b
>> ou=people,ou=XXX -E sss=cn
>> # extended LDIF
>> #
>> # LDAPv3
>> # with server side sorting control
>> #
>>
>> # search result
>> search: 2
>> result: 18 Inappropriate matching
>> text: serverSort control: No ordering rule
>>
>> # numResponses: 1
>>
>>
>> Before, the error was only returned if the control was set to
>> critical.
>
>
> Looking back thru git, I see nothing to support this statement.
>
>
>> This was discussed in this ITS:
>> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6647
>>
>> Is this behavior change intentional or is this a side effect of of
>> recent commit?
>
>
> Please give the version number where you last saw it behaving as you
> describe. I'm not seeing it.

I tested the patch proposed in ITS 6647 (applied on 2.4.23 version):
ftp://ftp.openldap.org/incoming/pierangelo-masarati-2010-09-14-sssvlv.1.patch

It was doing the job: returning an error only if the control was critical.

Then I see in the changelog that this ITS was fixed in the 2.4.24 release:

	Fixed slapo-sssvlv to not advertise when unused (ITS#6647)

But it seems that the real applied fix is: not declare sss control in
RootDSE when the overlay was compiled in slapd (so not as a module)
but not loaded in the configuration. Could you confirm?

>
> It looks to me like the current behavior is wrong; you should file an ITS.
>

I will do that.

Thanks,

Clément.

References:
- Behavior change on overlay sssvlv
  - From: Clément OUDOT <clem.oudot@gmail.com>
- Re: Behavior change on overlay sssvlv
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Behavior change on overlay sssvlv
Next by Date: Re: getent passwd doesn't show ldap user
Index(es):
- Chronological
- Thread