
Re: Bug- Enforcing validation when validator is NULL



Prashant kulkarni wrote:

When I am trying to add/edit the value to the attribute "protocol
information" which is required in our schema I am getting the error

Invalid syntax :protocol information: no validator for syntax
1.3.6.1.4.1.1466.115.121.1.42

From the earlier mailing list I have found the problem seems to be lack of
validations in the schema_init.c source code for attribute 'Protocol
Information'.

This attribute protocolInformation is defined in core.schema

 {"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )",
  0, NULL, NULL, NULL},

This syntax was removed from RFC 2252 when it was revised in RFC 4517, as explicitly indicated in notes 21 and 28 to Appendix B of the latter. This is because, although mentioned in RFC 2252, those syntaxes were not defined, thus posing interoperability problems. I believe OpenLDAP should move one step forward toward RFC 451* compliance by removing (actually, marking as OBSOLETE) those attributes from *.schema files and those syntaxes from the hardcoded ones.


Including values like dnPretty, UTF8StringValidate, etc. in the code instead
of NULL values will resolve my problem, but then that requires a custom
build and I have to do it for all the attributes where validation is defined as
NULL.

Not entirely true: you could implement a run-time module that looks up those syntaxes and modifies the appropriate pointers right after initialization. Unless there are significant changes in the related slapd structures or API, your module would seamlessly breeze through minor and even major releases.


Furthermore, if those syntaxes are removed from the hardcoded ones, you could define them via a custom schema file using the X-SUBST feature (ITS#5663) recently introduced in HEAD code. It allows one to provide a substitute syntax for unimplemented ones.

I personally feel that for those attributes where validation is NULL in
schema_init.c and other schema files, OpenLDAP should not force the
validation and give this error message, as all these attributes for which
validation is not defined become unusable.

In Tivoli/Sun and Microsoft Active Directory LDAP, validation is not enforced
where validation is defined as NULL, hence I am not getting this kind of
error in Tivoli/Sun and Microsoft Active Directory when editing this
attribute.

So any idea how to resolve this? Is there any way to modify any of the
config files in OpenLDAP to disable this validation for protocol information?
Do I have to raise a bug request for the same, and is this going to be fixed in
the next OpenLDAP release?

Any help and suggestions in this direction are highly appreciated.

I personally believe the absence of a validator for those syntaxes is the safest thing OpenLDAP can do to prevent further interoperability issues. The workaround illustrated above should allow you to circumvent your problem without too much harm. Of course, that's my personal opinion, which might differ from that of the OpenLDAP project.


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------