[Date Prev][Date Next] [Chronological] [Thread] [Top]

Invalid Add operations allowed (ITS#2243)

To: openldap-its@OpenLDAP.org
Subject: Invalid Add operations allowed (ITS#2243)
From: rganesan@vsnl.net
Date: Wed, 18 Dec 2002 11:03:03 GMT

Full_Name: Ganesan R
Version: 2.1.9
OS: Debian GNU/Linux 3.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.107.253.38)


Hi,

All versions of openldap allow the creation of a dn with a cn attribute even if
the objectclass doesn't include a cn. For example, I can add the following
object without an error.

---
dn: cn=mycountry,dc=mycompany,dc=com
objectclass: country
c: mycountry
---

In case of a locality, which does not even locality as a MUST attribute, 
the following ldif can be added successfully.

---
dn: cn=mylocality,dc=mycompany,dc=com
objectclass: locality
---

This bug exists for any objectclass that doesn't have cn as a must attribute.
You can also add a locality without specifying 'l' in the list of attributes, 
since l is not a MUST attribute. I don't know if LDAP allows creation of
an object with no attribute being present for the RDN.

---
dn: l=mylocality,dc=mycompany,dc=com
objectclass: locality
---

Ganesan

Prev by Date: certificateExactMatch (ITS#2242)
Next by Date: slapd assertion failure in ber_get_next() (ITS#2246)
Index(es):
- Chronological
- Thread