Thanks Pierangelo And Harpreet for your reply
As you suggested as per latest RFC specification , it is good idea for those
attributes who don't have validators or where validator are all NULL to remove
those attributes from *.schema files and those syntaxes from hardcoded code
files.
so any idea in which openLDAP release those attributes will be removed from
schema and hardcoded code. ?
But currently since these attributes are defined and hard coded in openldap
code ,
the problem is I can't re-define in custom schema exactly with same name as
"protocol information" as the openldap service will not start
I have to define it as protocol informationXXX or something different to
make it work
but it then it will breaks the schema for our product which we use for other
LDAP server also
also I am thinking there is another solution to this bug . in openLDAP code
in files /servers/slapd/modify.c and entry.C if all the validator are NULL
then it should skip the checking for validation and throwing the error "no
validator for syntax". in that way openldap will allow to modify/add values
for those attributes having all NULL validator without enforcing.
if ( ATLEAST ONE VALIDATOR
PRESENT) //pseudo
codeIS
{
if( !pretty && !validate ) {
*text = "no validator for
syntax";
snprintf( textbuf, textlen,
"%s: no
validator for syntax %s",
ml->sml_type.bv_val,
ad->ad_type->sat_syntax->ssyn_oid
);
*text = textbuf;
return LDAP_INVALID_SYNTAX;
}
Thanks and Regards
Prashant
Message: 19
Date: Mon, 29 Sep 2008 20:25:14 +0200
From: Pierangelo Masarati
<[EMAIL PROTECTED]<http://mail.google.com/mail/h/xw1gbla4xfz4/?v=b&cs=wh&[EMAIL
PROTECTED]>
>
Subject: Re: Bug- Enforcing validation when validator is NULL
To: Prashant kulkarni
<[EMAIL PROTECTED]<http://mail.google.com/mail/h/xw1gbla4xfz4/?v=b&cs=wh&[EMAIL
PROTECTED]>
>
Cc:
[email protected]<http://mail.google.com/mail/h/xw1gbla4xfz4/?v=b&cs=wh&[EMAIL
PROTECTED]>
Message-ID: <[EMAIL
PROTECTED]<http://mail.google.com/mail/h/xw1gbla4xfz4/?v=b&cs=wh&[EMAIL
PROTECTED]>
>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Prashant kulkarni wrote:
> When I am trying to add/edit the value to the attribute "protocol
> information" which is required in our schema I am getting the error
>
> Invalid syntax :protocol information: no validator for syntax
> 1.3.6.1.4.1.1466.115.121.1.42
>
> from the earlier mailing list I have found The problem seems to be lack of
> validations in the schema_init.c source code for attribure 'Protocol
> Information'
>
> this attribute protocolInformation is defined in core.schema
>
> {"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )",
> 0, NULL, NULL, NULL},
This syntax has been removed from RFC 2252 when revised in RFC 4517, as
explicitly indicated in notes 21 and 28 to Appendix B of the latter.
This because although mentioned in RFC 2252, those syntaxes were not
defined and thus posing interoperability problems. I believe OpenLDAP
should move one step forward toward RFC 451* compliance by removing
(actually, marking as OBSOLETE) those attributes from *.schema files and
those syntaxes from hardcoded ones.
> including values like dnPretty ,UTF8StringValidate..etc in the code
instead
> of NULL values will resolve my problem, but then that require the custom
> build and I have to do for all the attributes where validation is defined
as
> NULL.
Not entirely true: you could implement a run-time module that looks up
those syntaxes and modifies the appropriate pointers right after
initialization. Unless significant changes in the related slapd
structures or API, your module would seamlessly breeze through minor and
even major releases.
Furthermore, if those syntaxes are removed from the hardcoded ones, you
could define them via a custom schema file using the X-SUBST feature
(ITS#5663) recently introduced in HEAD code. It allows to provide a
substitute syntax for unimplemented ones.
> I personally feel that for those attributes where validation are NULL in
> schema_init.c and other schema files, the openLDAP should not force the
> validation and give this error message, as all these attributes in which
> validation are not defined becomes unusable .
>
> In Tivoli/Sun and Microsoft Active directory LDAP validation is not
enforced
> where validation is defined as NULL hence I am not getting these kind of
> error in Tivoli/Sun and Microsoft Active directory for editing of this
> attribute .
>
> So any idea how to resolve this ? there is any way to modify any of the
> config file in openldap to disable this validation for protocol
information
> ?
> do I have to raise bug request for the same and is this going to be fixed
in
> next openLDAP release. ?
>
> Any help and suggestions in this direction is highly appreciated.
I personally believe the absence of a validator for those syntaxes is
the safest thing OpenLDAP can do to prevent further interoperability
issues. The workaround illustrated above should allow you to circumvent
your problem without too much harm. Of course, that's my personal
opinion, which might differ from that of the OpenLDAP project.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: [EMAIL
PROTECTED]<http://mail.google.com/mail/h/xw1gbla4xfz4/?v=b&cs=wh&[EMAIL
PROTECTED]>
-----------------------------------
