[Date Prev][Date Next] [Chronological] [Thread] [Top]

able to add an entry without parent (ITS#2757)

To: openldap-its@OpenLDAP.org
Subject: able to add an entry without parent (ITS#2757)
From: jongchoi@us.ibm.com
Date: Tue, 7 Oct 2003 18:43:36 GMT

Full_Name: Jong Hyuk Choi
Version: 
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (129.34.20.23)


Moving the orphan entry add issue outstanding in the
devel list into the ITS.

=======================================================
It does look like the code can be simplified quite a bit...
but I'm not sure dnParent() can or should be changed.  I
think we should confine the fix to add.c and modrdn.c for now.

Kurt
=======================================================
>when the entry is the context prefix (or, as a special
>case, when the entry DN has only one RDN and the
>context prefix is the empty DN). 

The next if statement (be_issuffix() || be_isupdate()) also 
does not seem to be correct. 
Wondering if dnParent() can be changed to 
        /* one-level dn */ 
        if ( p == NULL ) { 
                pdn = slap_empty_bv; 
                return; 
        } 
then the above condition meets automatically. 

btw, the same applies for modrdn. 

- Jong 
=======================================================
It seems to be a part of umich ldap legacy. 
- Jong 
=======================================================
I thought that check in the code only applied for root adding
the suffix entry. If not, it probably needs to be changed.
  -- Howard Chu
=======================================================
I think the !be-is_root() check should be removed.
The server should, within a naming context, ensure
that each entry has a parent.  The parent-less
add should only be allowed (subject to access controls)
when the entry is the context prefix (or, as a special
case, when the entry DN has only one RDN and the
context prefix is the empty DN).

Kurt
=======================================================
The addition of an entry that does not have parent is 
permitted when adding as the rootdn. 
(back-bdb/add.c:287  back-ldbm/add.c:240) 
RFC2251 says the parent MUST exist and hence 
it seems that !be_is_root() checking should be removed. 
Does anyone know of reasons not to remove this ? 
- Jong 
=======================================================

Prev by Date: Re: slap_graduate_commit_csn() crashes slapd (ITS#2744)
Next by Date: RE: test017 failure with slapi (ITS#2747)
Index(es):
- Chronological
- Thread