Hi guys,
in fact, we have a serious issue in the way we process DNs and RDns.
Let me explain.
Suppose you have a DN like : "cn=John\+Doe,ou=system"
What happens is that the RDN will be parsed by the ComplexDnParser which
will create a RDN containing two values :
- the upValue ( cn=John\+Doe )
- the normValue ( cn=John+Doe )
So far, so good. Except that when we process the AVA, we 'normalize' it
in order to be able to expose an escaped form (ie, where special chars
like '+' are prefixed with an '\'). That reverts the previous value (ie
John+Doe) and replace it with the escaped value (ie John\+Doe).
Now, we can't anymore do a comparison between "John+Doe" and
"John\+Doe", like, for instance, when we check that the RDN is present
as an AT in the entry (if the OC is 'person', the entry *must* have a
cn: john+doe Attribute and Value), leading to an error.
The big mistake was to have only one method to cover two features. The
Ava.normalize() method do the escaping in order to produce a DN which is
valid.
This is not necessarily a complex issue to fix, but it needs some work.
Note that it impacts a lot of parts in the server and the API.
Add to that the fact that the normalization should also use the
SchemaManager to correctly transform the value, accordingly to the AT,
we have some painful cleanup to do in this area...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
