https://bugs.openldap.org/show_bug.cgi?id=5813
--- Comment #4 from Quanah Gibson-Mount <[email protected]> --- [email protected] writes: > limits.c 1.83 -> 1.84 > More ITS#5734: Handle empty o_req_ndn. (...) This gets somewhat inconsistent: dn.this.<subtree or exact>="" now matches target DN "". However, to preserve backwards compatibility, dn.<subtree or exact>="" does not match anonymous binding. OTOH, limits dn.<anything>=* becomes limits *, again preserving backwards compatibility. However dn.<onelevel or children>=* should not match empty target DN/anonymous connections. Should we leave it as it is? Or change the old behavior? And if so, does an anonymous connection have a DN so it should match "", or not? Or we could make them errors to avoid admins seeing unexpected behavior for a config which slapd accepts. These cases seem fairly useless, but could arise from something like an auto-generated config files when the admin inputs suffix "". -- You are receiving this mail because: You are on the CC list for the issue.
