[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: postalAddress matching rule

To: openldap-devel@openldap.org
Subject: Re: postalAddress matching rule
From: "Brett @Google" <brett.maxfield@gmail.com>
Date: Fri, 5 Sep 2008 23:14:11 +1000
Content-disposition: inline
In-reply-to: <48BA80FD.7050807@stroeder.com>
References: <e021c7c00808252313o62e13f32ia2fece0c2aa883c@mail.gmail.com> <48B43941.4060401@stroeder.com> <e021c7c00808261716s1d48e13ak313dab63c4cd1bc9@mail.gmail.com> <48B90CC6.6080107@stroeder.com> <e021c7c00808301033h48092da4s7783064a4f772665@mail.gmail.com> <48BA80FD.7050807@stroeder.com>

On Sun, Aug 31, 2008 at 9:31 PM, Michael Ströder <michael@stroeder.com> wrote:
>>> slapo-collect should intercept the write request and forbid the write access
>>> if the attribute type is declared with COLLECTIVE.
>>
>> Yep. That sounds reasonable, but i presume it should either return an
>> unwilling to perform, or silently ignore it.
>
> I'd prefer to not silently ignore it since returning unwillingToPerform
> clearly indicates that a client is misbehaving which needs correction.

OK, i've implemented collect_modify() which returns unwillingToPerform for any
modify operation which contains an attribute which is a collect
attribute, leaving
alone non-collectinfo objects including the parent object

the collect attributes are not dumped by slapcat, so no changes there

Cheers
Brett

Prev by Date: Re: commit: ldap/servers/slapd/back-bdb id2entry.c
Next by Date: line numbers in openldap debugging
Index(es):
- Chronological
- Thread