[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5150) Patch to add a new config option to force the return of operational attributes in rootDSE

mspeder@syrtis.net wrote:
> Full_Name: Matthieu Speder
> Version: Latest HEAD
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/Matthieu-Speder-070922.patch
> Submission from: (NULL) (82.224.96.182)
> 
> 
> This patch adds a new global option in configuration
> (forceopattrs/olcForceOpAttrs { on | off }).

Thanks for the patch. Still, the behavior you're introducing is a violation of 
the protocol spec. The fact that other vendors don't care to implement 
conformant servers doesn't really have any bearing on this; clients that 
expect this behavior are broken and should be fixed.

> When answering a search query to rootDSE with an empty attribute query,
> forceopattrs forces slapd to return all operational attributes.  By default
> forceopattrs  is off and slapd only returns operational attributes when query
> contains a plus (+), see RFC 4533.
> 
> Unfortunately the default behavior is different from other directories (both AD
> & Sun) and confuses some client applications which expect the operational
> attributes with a blank query. This new config option fixes the issue if
> required by client app.
> 
> This patch does NOT change slapd default behavior.
> 
> The patch contains both minor changes to result.c, proto-slap.h, bconfig.c and
> the required additions to docs (man & guide).

There's no reason to break the core code with misfeatures like this. If you 
need this behavior, write an overlay that intercepts the relevant searches and 
replaces the empty attribute list with "*" and "+".
-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/