|
[
Permlink
| « Hide
]
Stefan Zoerner added a comment - 04/Aug/06 07:29 PM
Here is an LDIF file with some example entries which lead to problematic DNs within ApacheDS 1.0 RC4 SNAPSHOT. I used the command line tool ldapmodify to import, and ldapsearch to compare the results.
Here is an addition to the issue. If authorization is enabled before th import, and an ACI is attached to dc=example,dc=com, it is not possible to add the entries at all (this is how I originally found the problem). The authorization subsystem seems to have problems with the illegal DNs, as Softerra LDAP Administrator has after the creation.
Thanks Stefan,
I had time tonite in front of a beer to think again to those issues (this one and I have drafted a new version on paper, which is : - simpler - better - and likely faster I hope I will be able to implement it when I will be back, at the end of next week. I'm not going to mess with this one. It's all Emmanuel's :).
This is really strange.
creating an entry like : dn: ou="Scissors 8<",dc=example,dc=com ou: "Scissors 8<" objectclass: organizationalUnit objectclass: top should throw an exception. The DN should only contains values that are declared as attributes. ou="Scissors 8<" attribute is not the same as ou=Scissors 8<. In DN, the ou="Scissors 8<" RDN correspond to the attribute type and value : ou = Scissors 8< where the " are removed. if you don't create the very same attribute, then you will get an error. It's weird that IBM and Sun create this attribute (this is the reason why we can see both values in the SUN and IBM results when you do a search). This is definitively not a bug. The " is not part of the value.
You are right Emmanuel. It is an invalid issue. Sorry for the inconvenience. I close this issue.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Bug
Closed
Major
Adding entries with RDNs enclosed in quotes may lead to entries with illegal DNs
