Full_Name: Hallvard B Furuseth Version: HEAD OS: Linux URL: Submission from: (NULL) (129.240.6.233) Submitted by: hallvard
slapd does not apply the Assert control to non-database entries (at least the root and subschema entries), yet does not reject a critical control either.
I have not explored the magnitutde of the problem: Where the control can get ignored, and which other controls are ignored.
$ ldapsearch -LLLx -e!assert='(objectClass=person)' -b "" -s base dn: objectClass: top objectClass: OpenLDAProotDSE
$ ldapsearch -LLLx -e!assert='(objectClass=person)' -b cn=subschema -s base dn: cn=Subschema objectClass: top objectClass: subentry objectClass: subschema objectClass: extensibleObject cn: Subschema
-b "" -s sub does apply the control with database bdb + suffix "". Don't know about back-sql. However I imagine it varies how careful backends "" are about generating the root DSE when suffix == "" so controls can be applied to it. Might need a backend flag which says whether the backend does this, and reject the critical controls with unwillingToPerform if this flag is not set.