[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: (ITS#4670) Problem with nisNetgroupTriple SYNTAX definition according to Sun support



> ># Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
> >#       validaters for these syntaxes are incomplete, they only
> >#       implement printable string validation (which is good as the
> >#       common use of these syntaxes violates the specification).
> >
> >So, here's what I'm unclear on is what the behavior of 
> searches will be?
> 
> The attribute type is described as having no equality, no
> ordering, and no substrings rules, hence equality, ordering
> and substrings assertions should and do evaluate to Undefined.

That seems like a pretty harsh read of the spec, considering you're not
even following it to begin with with the syntax validation of that
element. 

The search that solaris is doing is a simple match against
"(*,userid,*)".

I can certainly understand wanting to keep the syntax definition as
close to spec as possible, but you're already going against that with
the comment above about common use and implementation of the validator.
It seems to me that allowing the search against the schema under common
use would go along with that. As you currently have it defined,
nis.schema on openldap is completely unusable for any client that
searches on nisNetgroupTriple to determine if a user is allowed to log
in. 

In any case, you can close this, we'll complain to sun about it... 

-- Nathan