[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/servers/slapd daemon.c

To: lukeh@OpenLDAP.org
Subject: Re: commit: ldap/servers/slapd daemon.c
From: Pierangelo Masarati <ando@sys-net.it>
Date: Fri, 22 Jul 2005 00:52:37 +0200
Cc: OpenLDAP Devel <openldap-devel@OpenLDAP.org>
In-reply-to: <200507190445.j6J4jvoc034459@cantor.openldap.org>
References: <200507190445.j6J4jvoc034459@cantor.openldap.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 CentOS/1.7.8-1.1.3.1.centos3

lukeh@OpenLDAP.org wrote:

Log Message: The order of uidNumber and gidNumber was swapped in revision 1.331, which breaks existing ACLs. This patch restores the old behaviour.

Luke,

the swap was intended, because that's the way slapd normalizes a DN (i.e. when multiple AVAs are present in a RDN, the attributes get sorted lexicographically in ascending order). Note that also the gid and the uid were swapped... now it's inconsistent. The point is that daemon.c was creating the DN this way under the assumption it was already normalized, when DN normalization was mostly lower- (or upper-) casing, so now that normalized DN will not match the normalized DN one uses somewhere else. That's why I suggested that change in 2.3, and I'm pretty sure we need to advertize it quite well since things like ACLs and authz-regexp rules will break. By now, I'm putting things back as they were, and I'll file an ITS.

p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: Re: leaks in slapd
Next by Date: Re: leaks in slapd
Index(es):
- Chronological
- Thread