On Thu, Apr 06, 2017 at 04:41:19PM +0100, Howard Chu wrote:
ondra@mistotebe.net wrote:
Well, the clients are allowed to request a lot of strange things, some of which border on a DoS: e.g. right now slapd can't disallow a modify request like: (pumping up an attribute to extreme size)
Nor should we disallow any such thing. "Be liberal in what you accept."
Yes, not disallow in principle, it was meant as focusing on an option to define some resource/processing limits before we even thought about the other example that is relatively benign.
BTW, the patch is now available here. The empty attribute should have replicas fall back to regular syncrepl, where the ones that understand it will interpret it correctly.
ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170406-ITS-6545-accesslog-format-update-and-tests.patch