https://bugs.openldap.org/show_bug.cgi?id=9708

          Issue ID: 9708
           Summary: null (empty) attribute values of type Directory String
                    pass the dry-run validation
           Product: OpenLDAP
           Version: 2.5.7
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: client tools
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

On behalf of Aaron Bliss at Paychex
----
I'm pretty confident that I've identified a bug when running slapadd with the
dry-run switch.  As a step of migrating a given replica set from oDSEE to
OpenLDAP, we of course make use of the dry-run switch after sanitizing a given
oDSEE export.  However on a few migrations I've noticed that null (empty)
attribute values of type Directory String (which are illegal per the RFC) pass
the dry-run validation.  This becomes really problematic because a subsequent
slapadd in which the quick switch is passed will load the invalid data into the
database.  I understand that loading a given ldif using the quick switch
performs fewer consistency checks on the input data; however, with our largest
datasets, it's not viable for us to migrate a given replica set from oDSEE to
OpenLDAP without using the quick switch (it would require an outage that's far
longer than we can allow for on the customer side of things).

It makes total sense for sure that OpenLDAP will not allow for null values for
this attribute type in keeping with the standard, but unfortunately oDSEE allows
for it; as such, we have to account for it.  Would it be possible to catch the
null attribute value scenario when performing a dry run, and if so, is there any
way this could be prioritized (doing so would be of tremendous help to us)?  If
not, then I'll have to write my own validation (not at all ideal) to check for
this scenario, but for sure it would be better if slapadd can catch this condition.
Thanks much as always.
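
The report mentions a separate validation pass as the fallback. One way such a pre-check over the sanitized export could look, as an added example that is not part of the report or of OpenLDAP: it flags zero-length attribute values in LDIF text before slapadd is run. The function names, the `attrs` filter and the sample data are assumptions made for illustration.

```python
import re

# attribute description, ":", optional ":" (base64) or "<" (URL), fill, value
_LINE = re.compile(r"^([A-Za-z0-9.;-]+):([:<]?) *(.*)$")


def _unfold(text):
    """Yield (first_line_no, logical_line); a leading space continues a line."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and current:
            current += raw[1:]
            continue
        if current is not None:
            yield start, current
        current, start = raw, no
    if current is not None:
        yield start, current


def find_empty_values(text, attrs=None):
    """Return [(line_no, dn, attr)] for each zero-length value in LDIF text.

    attrs (assumption): optional set of lower-case names of the attributes to
    check, e.g. the Directory String attributes of your schema; None checks all.
    """
    findings, dn = [], None
    for no, line in _unfold(text):
        m = _LINE.match(line)
        if not m:
            if not line:
                dn = None  # a blank line ends the current entry
            continue
        name, kind, value = m.groups()
        base = name.split(";")[0].lower()  # drop options such as ";lang-en"
        if base == "dn":
            dn = value  # reported as written (a base64 DN is not decoded)
        elif kind != "<" and value == "" and (attrs is None or base in attrs):
            # base64 of zero bytes is the empty string, so "attr::" is empty too
            findings.append((no, dn, name))
    return findings


# Constructed sample export: the first entry carries two empty values.
SAMPLE = ("dn: uid=jdoe,ou=people,dc=example,dc=com\nuid: jdoe\ncn: John Doe\n"
          "description:\ntitle::\n\n"
          "dn: uid=asmith,ou=people,dc=example,dc=com\nuid: asmith\ncn: Alice\n Smith\n")

if __name__ == "__main__":
    for no, dn, attr in find_empty_values(SAMPLE):
        print(f"line {no}: empty value for {attr!r} in {dn}")
```

Without a schema the check cannot tell which attributes use Directory String syntax, so it reports every empty value unless `attrs` narrows the set.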
