[EMAIL PROTECTED] wrote: > [EMAIL PROTECTED] wrote: >> [EMAIL PROTECTED] wrote: >>> Full_Name: Hallvard B Furuseth >>> Version: HEAD, RE24 >>> OS: >>> URL: >>> Submission from: (NULL) (129.240.6.233) >>> Submitted by: hallvard >>> >>> >>> overlays/constraint.c:constraint_violation() uses and maybe returns an >>> undefined value in 'rc' if the filter is bad (nop.ors_filter == NULL). >>> >>> I have no idea what rc should be in this case. >>> >>> Introduced in constraint.c 1.18 (OpenLDAP 2.4.12). >> Probably should just set rc=LDAP_SUCCESS in this case. The constraint is >> invalid, so it cannot be violated. > > Hmm, I'd prefer a strong indication that the constraint is invalid. > > If it can be proven that the filter is bad slapo-constraint should > probably stop during startup with an appropriate message. Otherwise > returning constraintViolation would be appropriate either since the LDAP > client fails then and it makes admins search for the cause of it.
I concur. I've made slapo-constraint(5) return LDAP_OTHER, so it's clear that there's something wrong. Returning LDAP_CONSTRAINT_VIOLATION would have erroneously indicated that the value was not allowed but everything was working fine. Please test. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: [EMAIL PROTECTED] -----------------------------------
