Howard Chu writes:
Hm... Where were you when we were originally discussing these changes?
http://www.openldap.org/lists/openldap-devel/200611/msg00013.html
http://www.openldap.org/lists/openldap-devel/200611/msg00022.html
Absent. I did look at it though, but I didn't realize how far the changes went. See below.
HEAD has been working this way for over a year, and it's clearly more correct in its behavior now than it was before.
True, the old way was quite broken as that thread shows.
If anything, the LDIF RFC could be revised instead. This format has been supported since umich ldap (before the LDIF RFC was written).
That doesn't mean it has any relevance today; there's plenty of stuff UMich did that was long since deprecated.
True, but this was not deprecated that I know of. So:
It may be OK to revert this single aspect of the change. If you do so, just make sure that those other corner cases mentioned in the -devel thread are still handled correctly.
Changing the -devel thread's example a bit, I'd say 2.3 accepted one dangerous bug, one unambiguous but possibly misleading format (a modify record both with and without "add/delete/replace: attribute" lines), and one safe format ("changetype: modify" but no "add/delete/replace"):
dn: dc=example,dc=com
changetype: modify
add: cn
cn: foo
# bug: implicit "add: sn".  Since the "-" was optional, one might even
# expect the new attribute type to revert to the default "replace:".
sn: bar
-
# Safe after the "-" but possibly confusing - implicit "replace:
# description" and "replace: telephoneNumber"
description: xyzzy
telephoneNumber: 12345678

# OK: implicit "replace:" for everything
dn: dc=example,dc=com
changetype: modify
cn: foo
sn: bar
description: xyzzy
telephoneNumber: 12345678
Snipping a bit from the -devel thread:
Howard Chu wrote:
(Did I mention that I've always thought the mod-spec definition was garbage? The format I use for the logschema has none of these problems or inefficiencies...)
As far as I can tell Logschema doesn't support full LDIF modify though. reqMod is unordered, so one cannot make two modifications to the same attribute. E.g. "delete: foo" followed by "replace: foo".
OTOH it would be an LDIF-compatible extension to make the attribute description in "attribute: value" optional after "add/replace/delete: attribute". Then one could omit the terminating "-" too.
Maybe it's time to take this to the ldapext list and hear what others do.
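
An added example, not part of the original message and not OpenLDAP's own parser: a small Python linter that sorts a "changetype: modify" record into the cases the message distinguishes, so that records relying on an implicit operation can be caught before they are applied. The name classify_modify and the labels strict/legacy/mixed/ambiguous are assumptions made for this illustration.

```python
import re

MOD_OPS = {"add", "delete", "replace"}  # mod-spec keywords named in the thread

# The thread's two examples, retyped without their comment lines.
BUGGY = ("dn: dc=example,dc=com\nchangetype: modify\nadd: cn\ncn: foo\n"
         "sn: bar\n-\ndescription: xyzzy\ntelephoneNumber: 12345678\n")
LEGACY = ("dn: dc=example,dc=com\nchangetype: modify\ncn: foo\nsn: bar\n"
          "description: xyzzy\ntelephoneNumber: 12345678\n")

def classify_modify(record):
    """Return (kind, issues) for one 'changetype: modify' record.

    strict:    only "op: attr" mod-specs      legacy: only bare "attr: value"
    mixed:     both styles, separated by "-"  ambiguous: a different attribute
               type appears inside a mod-spec that has not been closed by "-"
    """
    text = re.sub(r"\r?\n ", "", record)  # unfold LDIF continuation lines
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line.strip() == "-":
            pairs.append(("-", ""))
            continue
        attr, _, value = line.partition(":")
        pairs.append((attr.strip().lower(), value.lstrip(":< ").strip()))
    if len(pairs) < 2 or pairs[0][0] != "dn" or pairs[1] != ("changetype", "modify"):
        raise ValueError("not a changetype: modify record")
    open_spec = None  # (op, attr) of the mod-spec currently open, if any
    explicit = implicit = 0
    issues = []
    for attr, value in pairs[2:]:
        if attr == "-":
            open_spec = None
        elif open_spec is None and attr in MOD_OPS:
            open_spec = (attr, value.lower())
            explicit += 1
        elif open_spec is None:
            implicit += 1  # bare value line, read as implicit "replace:"
        elif attr != open_spec[1]:
            issues.append(f"'{attr}' inside open '{open_spec[0]}: {open_spec[1]}'")
    if issues:
        return "ambiguous", issues
    if explicit and implicit:
        return "mixed", issues
    return ("legacy" if implicit else "strict"), issues

if __name__ == "__main__":
    for name, rec in (("BUGGY", BUGGY), ("LEGACY", LEGACY)):
        print(name, classify_modify(rec))
```

The linter compares attribute descriptions literally and does not check that the last mod-spec ends with "-".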