https://bugs.openldap.org/show_bug.cgi?id=9254
Bug ID: 9254 Summary: Datatypes boudary check on slapadd Product: OpenLDAP Version: 2.4.42 Hardware: All OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: c.dosio@gmail.com Target Milestone: ---
The import of an LDIF file containing a passwordPolicy objectClass where the attribute pwdMaxAge was populated as 50000000000000 (while the max value of that attribute should be 315360000) went fine but any editing of values on that objectClass would make slapd hang until brutally killed (it goes into error 8 where apparently the operation is waiting to be executed, but even after several hours it would still be frozen). The only way I managed to solve the situation was to take e previous dump, change the value to something within the value's range, and restore it. BTW I couldn't manage to run slapcat (neither with the -c flag) to have a full dump.
There are three issues in my opinion:
1. Shouldn't slapadd make some checks on data type values and eventually either give an error or change an exceeding value to the minimum/maximum value of the range? 2. Shouldn't slapd manage the exceeding value instead of freezing (in a way coherent to point 1)? 3. Shouldn't slapcat be forced to skip over the problem of an out of range value at least if run with the "-c" flag?