[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Invalid Add operations allowed (ITS#2243)
At 12:21 PM 1/30/2003, ando@sys-net.it wrote:
>> At 11:10 PM 1/29/2003, ntb@mts.ru wrote:
>>>example from original message:
>>>
>>>---
>>>dn: cn=mycountry,dc=mycompany,dc=com
>>>objectclass: country
>>>c: mycountry
>>>---
>>
>> As I noted to Ando, the above entry is invalid. An attempt
>> to add such should result in an error such as noSuchAttribute.
>
>... which is now the current behavior of slapd.
>The only allowed cases, pending review, are:
>
>dn: ou=Guests,dc=my,dc=org
>objectClass: alias
>aliasedObjectName: ou=People,dy=my,dc=org
Invalid. Should have:
ou: Guests
as well as an additional objectClass (or DIT Content Rule) which
allows ou to be present in the alias.
>and
>
>dn: ou=Guests,dc=my,dc=org
>objectClass: referral
>ref: ldap://ldap.your.org/ou=People,dc=my,dc=org
Invalid. Should have:
ou: Guests
as well as an additional objectClass (or DIT Content Rule) which
allows ou to be present in the referral.
>which eventually (as exemplified in RFC3296) should be turned into
No. The client is responsible for providing a proper
entry. The server is responsible for ensuring that no
improper entry is added. The server should NOT turn
an improper entry into a proper entry.
>and thus also comply with RFC2251.
>
>I've added a /* FIXME */ in this sense in servers/slapd/add.c
The fix is to remove the /* FIXME */ stuff. There are no
special alias/referral cases here.
Kurt