[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACIs rely on multivalue attribute order (Was: are mulivalued attributes really unordered?)



> John Woodell wrote:
>> Are mulivalued attributes really unordered?
>
> Yes.
>
>> It seems that there always is an order.
>
> Never ever implement a LDAP client which relys on ordered multi-valued
> attributes! You have been warned!

On a related note, I see that the current implementation of ACIs relies on
the ordering of multivalued attributes; in fact, ACI values are evalated
in the order they appear, and as soon as one matches, the checking
terminates.; of course, writing ACIs with different values of the
OpenLDAPaci attributes that overlap whould be considered wrong, but in any
case it is possible and I guess in some cases it may also be considered
desirable (I didn't consider this enough to exclude that possibility).

This fact should be considered among the flaws of the current ACI
implementation.  Since I'm a "relative" fan of ACI, I'd like to see the
current implementation consolidated either according to existing drafts or
according to an internal design that possibly exploits the advantages of
existing implementations and possibly avoids their flaws.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497