[email protected] wrote: > Full_Name: Hallvard B Furuseth > Version: HEAD > OS: Linux > URL: > Submission from: (NULL) (129.240.6.233) > Submitted by: hallvard > > > slapd does not apply the Assert control to non-database entries > (at least the root and subschema entries), yet does not reject > a critical control either. > > I have not explored the magnitutde of the problem: Where the > control can get ignored, and which other controls are ignored. > > $ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b "" -s base > dn: > objectClass: top > objectClass: OpenLDAProotDSE > > $ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b cn=subschema -s base > dn: cn=Subschema > objectClass: top > objectClass: subentry > objectClass: subschema > objectClass: extensibleObject > cn: Subschema > > > -b "" -s sub does apply the control with database bdb + suffix "". > Don't know about back-sql. > However I imagine it varies how careful backends "" are about generating > the root DSE when suffix == "" so controls can be applied to it. Might > need a backend flag which says whether the backend does this, and reject > the critical controls with unwillingToPerform if this flag is not set.
With ITS#6753 I've centralized Compare processing into the frontend, so the Assert control is now processed for non-database entries with this op. Someone should take a look and see what other operations we need to worry about. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
