G'Day Kurt,

Yes, RFC 2307 is restrictive re: limiting the legal character set for the
nisNetgroupTripleSyntax values to a "keystring" (ref: RFC 2252).

What I find irksome probably boils down to:

Since LDAP was originally designed to gateway requests to X.500 servers, the
character set of an IA5String should be legal (RFC 2307, section 2.4, X.500
nisNetgroupTripleSyntax).

With the added twist of the knife that underscores are legal in the user CNs
when doing the nisMapName=netgroup.byuser.

Note: OS-specific "bad chars" still need to be taken into account by the implementer.

Since the "nisNetgroupTripleSyntax" is unlikely to change from "keystring" to
IA5String in the near future for OpenLDAP, I think I'll have to consider our
options re: netgroup configuration and use.

Regards
IT Manager 2

Kurt D. Zeilenga wrote:
> At 09:26 PM 11/12/2006, temp1(a)ips.gov.au wrote:
>> Full_Name: IT Manager 2
>> Version: 2.3 & 2.4
>> OS: FreeBSD 6.2-PRERELEASE #0: Thu Oct 19 11:23:22 EST 2006
>> URL:
>> Submission from: (NULL) (220.233.132.66)
>>
>>
>> Src ./servers/slapd/schema_init.c
>> Function nisNetgroupTripleValidate
>>
>> Fails validate of NIS Netgroup triplet when an underscore is used in a username,
>> hostname or domainname.
>
> I believe this is the intended behavior.
>
>> Which is allowable ie username bad chars are " ,\t:+&#%$^()!@~*?<>=|\\/\"".
>
> RFC 2307 is more restrictive.
>
>
>> suggest change line
>> } else if ( !AD_CHAR( *p ) ) {
>> to
>> } else if ( !(AD_CHAR( *p ) || (*p) == '_' ) ) {
>>
>> Regards
>> IT Manager 2
>
>
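
The behaviour discussed in this thread, as an added example that is not OpenLDAP's code and not part of either message: a triple check run once with the RFC 2252 keystring character class and once with underscore also allowed. All function names are hypothetical; the character class (letter, digit, hyphen, semicolon) is taken from RFC 2252 rather than from the AD_CHAR macro, and the leading-letter rule of keystring is not modelled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef int (*char_ok_fn)(unsigned char c);

/* RFC 2252 keystring characters: letter, digit, hyphen, semicolon. */
static int keystring_char(unsigned char c) {
    return isalnum(c) || c == '-' || c == ';';
}

/* The relaxation proposed in the report: the same set plus underscore. */
static int keystring_or_underscore(unsigned char c) {
    return keystring_char(c) || c == '_';
}

/* Returns 1 if s is "(host,user,domain)" with exactly two commas and every
 * other byte inside the parentheses accepted by ok; 0 otherwise. */
static int triple_valid(const char *s, char_ok_fn ok) {
    size_t len = strlen(s), i;
    int commas = 0;
    if (len < 4 || s[0] != '(' || s[len - 1] != ')')
        return 0;
    for (i = 1; i < len - 1; i++) {
        if (s[i] == ',') {
            if (++commas > 2) return 0;
        } else if (!ok((unsigned char)s[i])) {
            return 0;   /* the branch the suggested change touches */
        }
    }
    return commas == 2;
}

/* Counts how many of the username "bad chars" quoted in the report are
 * accepted by ok when placed in the user field; 0 means none get through. */
static int bad_chars_accepted(char_ok_fn ok) {
    const char *bad = " ,\t:+&#%$^()!@~*?<>=|\\/\"";
    char buf[] = "(host,uXr,dom)";   /* constructed sample; X is replaced */
    int n = 0;
    for (; *bad; bad++) {
        buf[7] = *bad;
        n += triple_valid(buf, ok);
    }
    return n;
}

int main(void) {
    const char *t = "(host,some_user,dom)";   /* constructed sample */
    printf("%d %d\n", triple_valid(t, keystring_char), triple_valid(t, keystring_or_underscore));
    return 0;
}
```

Checking the relaxed predicate against the full "bad chars" list is the part worth keeping in a regression test if a local build ever widens the accepted set.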