masarati@aero.polimi.it writes:
This fix allows the overlay to use poorly formatted data since we cannot prevent the user from using it.
Which is what I suspect is a misfeature...
A better fix would be to intercept write operations that modify entries in a manner that would trigger slapo-dynlist(5), and be picky about how URLs are written. This would not fix existing databases, nor handle cases where slapo-dynlist(5) is configured using slapd-config(5).
Yesbut... LDAP URLs can come from many sources and be used in many contexts; I suppose this would in practice need to treat URL-valued attributes as if they had a URL syntax. I guess we could as an extension, turned on by default.
Or, we could simply become picky about how LDAP URIs are written in general.
Yup.