michael@stroeder.com wrote:
hyc@symas.com wrote:
h.b.furuseth@usit.uio.no wrote:
Full_Name: Hallvard B Furuseth
Version: HEAD, RE24
OS:
URL:
Submission from: (NULL) (129.240.6.233)
Submitted by: hallvard
overlays/constraint.c:constraint_violation() uses and maybe returns an undefined value in 'rc' if the filter is bad (nop.ors_filter == NULL).
I have no idea what rc should be in this case.
Introduced in constraint.c 1.18 (OpenLDAP 2.4.12).
Probably should just set rc=LDAP_SUCCESS in this case. The constraint is invalid, so it cannot be violated.
Hmm, I'd prefer a strong indication that the constraint is invalid.
If it can be proven that the filter is bad, slapo-constraint should probably stop during startup with an appropriate message. Otherwise, returning constraintViolation would be appropriate too, since the LDAP client then fails and it makes admins search for the cause of it.
I concur. I've made slapo-constraint(5) return LDAP_OTHER, so it's clear that there's something wrong. Returning LDAP_CONSTRAINT_VIOLATION would have erroneously indicated that the value was not allowed but everything was working fine. Please test.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
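The outcome discussed in this thread, as an added example that is not OpenLDAP's code: a self-contained C model in which a constraint whose filter fails to parse returns LDAP_OTHER instead of an uninitialized rc. The names `toy_filter`, `toy_parse_filter` and `check_constraint` are hypothetical, and the filter syntax is reduced to `(attr=value)`.

```c
#include <stdio.h>
#include <string.h>

/* Result codes, defined locally with the values ldap.h assigns them. */
enum { LDAP_SUCCESS = 0x00, LDAP_CONSTRAINT_VIOLATION = 0x13, LDAP_OTHER = 0x50 };

/* Hypothetical, reduced filter: only "(attr=value)" is accepted. */
typedef struct { char attr[32]; char value[32]; } toy_filter;

/* Hypothetical parser: returns out on success, NULL for a bad filter
 * (the role nop.ors_filter == NULL plays in the report). */
static toy_filter *toy_parse_filter(const char *s, toy_filter *out)
{
    size_t len = s ? strlen(s) : 0, alen, vlen;
    const char *eq;
    if (len < 5 || s[0] != '(' || s[len - 1] != ')')
        return NULL;
    eq = memchr(s + 1, '=', len - 2);
    if (eq == NULL)
        return NULL;
    alen = (size_t)(eq - (s + 1));
    vlen = (size_t)((s + len - 1) - (eq + 1));
    if (alen == 0 || vlen == 0 || alen >= sizeof out->attr || vlen >= sizeof out->value)
        return NULL;
    memcpy(out->attr, s + 1, alen);
    out->attr[alen] = '\0';
    memcpy(out->value, eq + 1, vlen);
    out->value[vlen] = '\0';
    return out;
}

/* Reported pattern, modelled (not compiled):
 *     int rc;  if (filter != NULL) rc = ...;  return rc;
 * Here every path assigns a result, and a bad filter is its own outcome. */
int check_constraint(const char *filter, const char *attr, const char *value)
{
    toy_filter buf, *f = toy_parse_filter(filter, &buf);
    if (f == NULL)
        return LDAP_OTHER;            /* misconfigured: neither met nor violated */
    if (strcmp(f->attr, attr) != 0)
        return LDAP_SUCCESS;          /* constraint does not cover this attribute */
    return strcmp(f->value, value) == 0 ? LDAP_SUCCESS : LDAP_CONSTRAINT_VIOLATION;
}

int main(void)
{
    /* Constructed inputs: a valid filter, then one missing its closing ')'. */
    printf("%#x\n", (unsigned)check_constraint("(title=engineer)", "title", "ceo"));
    printf("%#x\n", (unsigned)check_constraint("(title=engineer", "title", "ceo"));
    return 0;
}
```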