https://bugs.openldap.org/show_bug.cgi?id=9254
Bug ID: 9254
Summary: Datatypes boudary check on slapadd
Product: OpenLDAP
Version: 2.4.42
Hardware: All
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
The import of an LDIF file containing a passwordPolicy objectClass where the
attribute pwdMaxAge was populated as 50000000000000 (while the max value of
that attribute should be 315360000) went fine but any editing of values on that
objectClass would make slapd hang until brutally killed (it goes into error 8
where apparently the operation is waiting to be executed, but even after
several hours it would still be frozen).
The only way I managed to solve the situation was to take e previous dump,
change the value to something within the value's range, and restore it. BTW I
couldn't manage to run slapcat (neither with the -c flag) to have a full dump.
There are three issues in my opinion:
1. Shouldn't slapadd make some checks on data type values and eventually either
give an error or change an exceeding value to the minimum/maximum value of the
range?
2. Shouldn't slapd manage the exceeding value instead of freezing (in a way
coherent to point 1)?
3. Shouldn't slapcat be forced to skip over the problem of an out of range
value at least if run with the "-c" flag?
--
You are receiving this mail because:
You are on the CC list for the bug.
