okuznik@symas.com wrote:

Full_Name: Ondrej Kuznik Version: master OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2a02:c7f:221f:c00:a3e:8eff:fe52:dac5)

With cn=config the ConfigLDAPadd function might have to allocate resources that are needed by the time the attributes/config directives are being processed since there is no indication which directives there are and what order they come in.

When using LDAPAdd, attributes are processed in the order of their schema definitions.

If any of the config values fail validation, the configuration code has to react and clean up - which is possible using ca->cleanup.

No, that's not its purpose. If anything fails, the entire config entry must be wiped out. LDAPAdd is all-or-nothing.

While Modify handling (config_modify_internal) already calls ca->cleanup in each case, this is not true for config_add_internal, there it is only run on success.