[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Invalid Add operations allowed (ITS#2243)
I've reworked the RDN checks so that they are consistently
applied to add, mod[r]dn, and modify operations. In the
later case, the check prevents modification of the attribute
of the entry in a manner inconsistent with the DN.
The checks are disabled by "schemacheck off"...
At 04:25 AM 2/6/2003, ando@sys-net.it wrote:
>>
>>>> Could we make the non-BAILOUT behaviour (add RDN attributes
>>>> not specified in the entry) a configure- or run-time option?
>>>>
>>>> Unfortunately we must deal with some clients, such as Active
>>>> Directory, that do not always include the RDN attribute in
>>>> the entry.
>>>
>>>Personally, I don't like it; however, it is currently
>>>a compile option: #undef BAILOUT in servers/slapd/add.c
>>>and you get the desired behavior. It can be easily turned
>>
>> I have done that (#undef BAILOUT) for the moment. However we
>> would prefer to use an unmodified OpenLDAP tree where possible...
>
>I'm in favour of having both behaviors in the main tree, with
>a preference for the BAILOUT case
>
>>
>>>into a config option, but I'd consider it confusing and
>>>misleading. Maybe it could be part of the "schemacheck off"
>>>option...
>>
>> How about an undocumented option? :-)
>
>I'd prefer documented options. Since I understand
>there may be need for this "soft" case, and since this would
>harmonize with the behavior of existing implementations,
>I would not oppose a config option, with default to BAILOUT,
>of course.
>
>Ando.
>
>--
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it