ondra@mistotebe.net wrote:
On Thu, Apr 06, 2017 at 05:14:15PM +0200, Michael Str=C3=83=C2=B6der wr=
ote:
ondra@mistotebe.net wrote:
On Wed, Apr 05, 2017 at 04:14:12PM +0200, Michael Str=C3=84=E2=80=9A=C3=
=85=E2=80=BAder wrote:
=3D> There could be a slapd per-backend configuation directive to di=
sallow it with a
strong hint in the docs recommending to disallow it when using delta=
-syncrepl.
Suggestion: disallow mod_attr_repeated
In my view, that's more pain than it's worth.
Hmm, I think slapd should be able to disallow a crazy modify request l=
ike this:
dn: cn=3Dfoobar,dc=3Dexample,dc=3Dcom changetype: modify replace: description description: foobar1
replace: description description: foobar2
.. replace: description description: foobar1000
Well, the clients are allowed to request a lot of strange things, some of which border on a DoS: e.g. right now slapd can't disallow a modify request like:
Nor should we disallow any such thing. "Be liberal in what you accept."
dn: cn=3Dfoobar,dc=3Dexample,dc=3Dcom changetype: modify replace: description description: foobar1 description: foobar2 ... description: foobar1000
So there. If we can agree on a way to handle that, we might see whether it could be repurposed.
I should have a patch for the accesslog issue soon.
--=20 -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/