On Thu, Apr 06, 2017 at 04:41:19PM +0100, Howard Chu wrote: > [email protected] wrote: >> Well, the clients are allowed to request a lot of strange things, some >> of which border on a DoS: e.g. right now slapd can't disallow a modify >> request like: (pumping up an attribute to extreme size) > > Nor should we disallow any such thing. "Be liberal in what you accept."
Yes, not disallow in principle, it was meant as focusing on an option to define some resource/processing limits before we even thought about the other example that is relatively benign. BTW, the patch is now available here. The empty attribute should have replicas fall back to regular syncrepl, where the ones that understand it will interpret it correctly. ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170406-ITS-6545-accesslog-format-update-and-tests.patch -- OndÅej KuznÃk Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
