hyc@symas.com wrote:
h.b.furuseth@usit.uio.no wrote:
Full_Name: Hallvard B Furuseth Version: HEAD, RE24 OS: URL: Submission from: (NULL) (129.240.6.233) Submitted by: hallvard
overlays/constraint.c:constraint_violation() uses and maybe returns an undefined value in 'rc' if the filter is bad (nop.ors_filter == NULL).
I have no idea what rc should be in this case.
Introduced in constraint.c 1.18 (OpenLDAP 2.4.12).
Probably should just set rc=LDAP_SUCCESS in this case. The constraint is invalid, so it cannot be violated.
Hmm, I'd prefer a strong indication that the constraint is invalid.
If it can be proven that the filter is bad slapo-constraint should probably stop during startup with an appropriate message. Otherwise returning constraintViolation would be appropriate either since the LDAP client fails then and it makes admins search for the cause of it.
Ciao, Michael.