
Invalid Add operations allowed (ITS#2243)



> Date: Wed, 18 Dec 2002 11:02:56 GMT
> From: rganesan@vsnl.net
> To: openldap-its@OpenLDAP.org
> Subject: Invalid Add operations allowed
> 
> Full_Name: Ganesan R
> Version: 2.1.9
> OS: Debian GNU/Linux 3.0
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (128.107.253.38)
> 
> 
> Hi,
> 
> All versions of openldap allow the creation of a dn with a cn attribute even if
> the objectclass doesn't include a cn. For example, I can add the following
> object without an error.
> 
> ---
> dn: cn=mycountry,dc=mycompany,dc=com
> objectclass: country
> c: mycountry
> ---
> 
> In case of a locality, which does not even have locality as a MUST attribute, 
> the following ldif can be added successfully.
> 
> ---
> dn: cn=mylocality,dc=mycompany,dc=com
> objectclass: locality
> ---
> 
> This bug exists for any objectclass that doesn't have cn as a must attribute.
> You can also add a locality without specifying 'l' in the list of attributes, 
> since l is not a MUST attribute. I don't know if LDAP allows creation of
> an object with no attribute being present for the RDN.
> 
> ---
> dn: l=mylocality,dc=mycompany,dc=com
> objectclass: locality
> ---

The right solution for this is adding the rdn implicitly when it is omitted in
ldif, as IPlanet does on add/modrdn, and OpenLDAP does on modrdn.
Btw, the last example is correct in this case... we can add such an entry, but
when we search for it, we must get

---
dn: l=mylocality,dc=mycompany,dc=com
objectclass: locality
l: mylocality                       #actually this added automatically by server
                                    #at object creation time.
---

in the next case it's just essential to add rdn automatically _before_ schemacheck.
---
dn: cn=mycountry,dc=mycompany,dc=com
objectclass: country
c: mycountry
cn: mycountry                       #and this will be rejected by schemacheck.
---

> Ganesan

SMTP /Perece/.
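
The ordering proposed in the reply (merge the RDN values into the entry first, then run the schema check), as an added example that is not part of the original thread and is not OpenLDAP code. The function names are hypothetical, `SCHEMA` is a reduced subset of the standard `country` and `locality` definitions, and values are compared as exact strings rather than through matching rules.

```python
# Added example: RDN values are merged into the entry *before* the schema check.
# SCHEMA is a reduced, hand-written subset (assumption), not a full schema.
SCHEMA = {
    "country":  {"must": {"c"}, "may": {"searchguide", "description"}},
    "locality": {"must": set(), "may": {"l", "st", "street", "seealso",
                                        "searchguide", "description"}},
}
# The two entries discussed in the thread.
LOCALITY_LDIF = "dn: l=mylocality,dc=mycompany,dc=com\nobjectclass: locality"
COUNTRY_LDIF = ("dn: cn=mycountry,dc=mycompany,dc=com\n"
                "objectclass: country\nc: mycountry")

def parse_entry(ldif):
    """Parse one simple LDIF entry (no base64, no continuation lines)."""
    dn, attrs = None, {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def rdn_pairs(dn):
    """Attribute/value pairs of the leftmost RDN (no escaped ',' or '+')."""
    rdn = dn.split(",", 1)[0]
    return [(a.strip().lower(), v.strip())
            for a, v in (ava.split("=", 1) for ava in rdn.split("+"))]

def add_entry(ldif):
    """Return (accepted, attrs, reason) for an add request."""
    dn, attrs = parse_entry(ldif)
    for attr, value in rdn_pairs(dn):          # step 1: implicit RDN values
        if value not in attrs.setdefault(attr, []):
            attrs[attr].append(value)
    must, may = set(), {"objectclass"}         # step 2: schema check
    for oc in attrs.get("objectclass", []):
        if oc.lower() not in SCHEMA:
            return False, attrs, f"unknown objectclass {oc}"
        must |= SCHEMA[oc.lower()]["must"]
        may |= SCHEMA[oc.lower()]["may"]
    missing = must - set(attrs)
    if missing:
        return False, attrs, f"missing required {sorted(missing)}"
    extra = set(attrs) - must - may
    if extra:
        return False, attrs, f"attribute not allowed {sorted(extra)}"
    return True, attrs, "ok"
```

With this ordering the `l=mylocality` entry is stored with `l: mylocality` filled in, while the `cn=mycountry` entry is rejected because `cn` is not allowed by `country`.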