> On Sat, Aug 26, 2006 at 05:04:13PM +0200, Pierangelo Masarati wrote: >> >if the behavior is expected, is there any way to detect >> >from the schema returned by the ldapserver that the attribute/object >> >has a different behavior? >> The reason is quite simple, although subtle: olcModuleLoad has X-ORDERED >> 'VALUES' schema extension, an OpenLDAP reserved extension that is used >> for internal purposes. > is it possible to detect this by looking at the schema returned > by the ldap server? or do I have to add something like 'for openldap, > avoid those attributes'... ?
Look for "X-ORDERED 'VALUES'" in the attributeType definition in the "cn=subschema" >> The real point is that olc* stuff shouldn't be used for any purpose >> other than built-in configuration via back-config. > What if someone wants to build a directory listing all the configurations > of its own thousand servers, or its own thousands 'standard setups'? ... don't use ordered values in the RDN. >> I note that attributes with X-ORDERED 'VALUES' extension should not >> be allowed in RDN; another option would be to remove the ordering >> portion when checking for DN /entry consistency, but I'd regard >> this as a flawed entry naming design rather than a feature. > I'll change the code, but IMHO it looks already quite flawed to > have attributes that look exactly like other attributes, but > behave differently in such a subtle way... I've added (to HEAD) a check that disallows X-ORDERED 'VALUES' attributes as naming attributes. This will prevent their erroneous use, and avoid further issues. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
