[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5344) Wrong check for bad Modify DN

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5344) Wrong check for bad Modify DN
From: ando@sys-net.it
Date: Sat, 9 Feb 2008 11:00:36 GMT

h.b.furuseth@usit.uio.no wrote:
> hyc@symas.com writes:
>>> The slapd/modrdn.c check for affectsMultipleDSAs is insufficient, it
>>> requires newSuperior to be in the same backend.  That does not catch
>>> moving "cn=x,cn=y" to another database's suffix "cn=z,cn=y".
>> I don't see how it can miss this.
> 
> It checks if newSuperior is in another backend, but that move doesn't
> need a newSuperior.  It keeps the same parent:
> 
> database 1: suffix      cn=y
> database 2: suffix cn=z,cn=y
> modify rdn: dn "cn=x,cn=y"; newrdn cn=z; newSuperior (if any) cn=y.
> 
>> Probably should look at adding the dest_dn to the op struct, so each
>> backend doesn't have to rebuild it.
> 
> Indeed.  And dest_ndn.

You should apply your initial patch (to HEAD, 2.4), then modify HEAD to
pass dest_dn/dest_ndn

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

Prev by Date: (ITS#5361) cert verification failures with GnuTLS and DNS subjectAltName
Next by Date: (ITS#5362) syncrepl provider kills consumer by sending truncated cookie
Index(es):
- Chronological
- Thread