https://bugs.openldap.org/show_bug.cgi?id=10195
Issue ID: 10195
Summary: permissive modify control without value
Product: OpenLDAP
Version: 2.6.7
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: lesignor@cirad.fr
Target Milestone: ---
Hello,
A Windows LDAP client (dotnet) formats the request with the permissive modify control OID like this:
00d0 30 84 00 00 00 1e 04 17 ........0.......
00e0 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 2e 31 1.2.840.113556.1
00f0 2e 34 2e 31 34 31 33 01 01 ff 04 00 .4.1413.....
The last 2 bytes, 04 00, seem to indicate no value (length of value = 0?).
With OpenLDAP 2.4.x this request was accepted.
With OpenLDAP 2.5.x or OpenLDAP 2.6.x, this request is rejected as a protocol error with the error message: permissiveModify control value not absent
With ldapmodify from OpenLDAP, the same request is formatted without the last 2 bytes and is accepted.
Would it be possible to accept a request with a control without value that is formatted with 04 00 to indicate no value?
It would help to migrate from OpenLDAP 2.4.x to 2.5.x or 2.6.x.
Thanks
--- Comment #1 from lesignor@cirad.fr ---
In the old release v2.4.23, the code in controls.c is like this:
    if ( ctrl->ldctl_value.bv_len ) {
        *text = "permissiveModify control value not empty";
        return LDAP_PROTOCOL_ERROR;
    }
The check was on the length of the value.
This check has been replaced by
    if ( !BER_BVISNULL( &ctrl->ldctl_value )) {
        rs->sr_text = "permissiveModify control value not absent";
        return LDAP_PROTOCOL_ERROR;
    }
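Added example, not part of the original thread or OpenLDAP's code: a minimal C parser for the Control bytes in the report, showing why the 04 00 encoding passes a length test but fails a NULL test, while an omitted controlValue passes both. The struct val type, the function names and the OMITTED sample are assumptions made for illustration; the two predicates only mirror the conditions quoted in Comment #1.

```c
#include <stdio.h>

/* Hypothetical stand-in for struct berval: ptr == NULL means the field was absent. */
struct val { size_t len; const unsigned char *ptr; };

/* Read one BER element with the expected tag; store its content in *v, advance *p. */
static int tlv(const unsigned char **p, const unsigned char *end, int tag, struct val *v)
{
    const unsigned char *q = *p;
    if (end - q < 2 || *q++ != tag) return -1;
    size_t n = *q++;
    if (n & 0x80) {                          /* long form, e.g. 84 00 00 00 1e */
        size_t k = n & 0x7f;
        if (k == 0 || k > sizeof n || (size_t)(end - q) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;
    v->ptr = q; v->len = n; *p = q + n;
    return 0;
}

/* Control ::= SEQUENCE { controlType, criticality DEFAULT FALSE, controlValue OPTIONAL } */
int parse_control_value(const unsigned char *buf, size_t n, struct val *out)
{
    const unsigned char *p = buf, *end = buf + n;
    struct val seq, f;
    out->len = 0; out->ptr = NULL;
    if (tlv(&p, end, 0x30, &seq)) return -1;
    p = seq.ptr; end = p + seq.len;
    if (tlv(&p, end, 0x04, &f)) return -1;                      /* controlType */
    if (p < end && *p == 0x01 && (tlv(&p, end, 0x01, &f) || f.len != 1)) return -1;
    if (p < end && tlv(&p, end, 0x04, out)) return -1;          /* controlValue, if present */
    return p == end ? 0 : -1;
}

/* The two conditions quoted in Comment #1 as predicates: 1 = request rejected. */
int rejects_by_length(const struct val *v) { return v->len != 0; }
int rejects_by_null(const struct val *v)   { return v->ptr != NULL; }
/* Control bytes from the report; the array's trailing NUL is not part of the PDU. */
const unsigned char DOTNET[] = "\x30\x84\x00\x00\x00\x1e\x04\x17" "1.2.840.113556.1.4.1413" "\x01\x01\xff\x04\x00";
/* Constructed sample: the same control with controlValue omitted (length 0x1c). */
const unsigned char OMITTED[] = "\x30\x84\x00\x00\x00\x1c\x04\x17" "1.2.840.113556.1.4.1413" "\x01\x01\xff";
int main(void)
{
    struct val v;
    if (parse_control_value(DOTNET, sizeof DOTNET - 1, &v)) return 1;
    printf("length test rejects: %d, NULL test rejects: %d\n", rejects_by_length(&v), rejects_by_null(&v));
    return 0;
}
```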
--- Comment #2 from Howard Chu hyc@openldap.org ---
The fact that some versions of 2.4 accepted it was a bug, see ITS#7298.
--- Comment #3 from lesignor@cirad.fr ---
In the Microsoft documentation (https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/lda...), they write:
ldctl_value
No data for this control. In the berval structure, set bv_len to zero and bv_val to NULL.
As they say to set bv_len to zero, I guess some developers choose to send 04 00 to set the length to 0, and others consider removing all fields.
The LDAP client I use is a dotnet client. I think it uses the C# SDK from Microsoft.
Would it be possible to accept both implementations (null or empty)?
It would be a great help to migrate to OpenLDAP 2.6.x.
Thanks
Quanah Gibson-Mount quanah@openldap.org changed:
What    |Removed |Added
----------------------------------------------------------------------------
See Also|        |https://bugs.openldap.org/show_bug.cgi?id=7298
Quanah Gibson-Mount quanah@openldap.org changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |UNCONFIRMED |RESOLVED
Resolution|---         |INVALID
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org ---
Hello,
It is unfortunate that MS is not following their own documentation or following published standards. I would advise following up with MS to have them correct their code.
Quanah Gibson-Mount quanah@openldap.org changed:
What    |Removed      |Added
----------------------------------------------------------------------------
Status  |RESOLVED     |VERIFIED
Keywords|needs_review |