Full_Name: Hallvard B Furuseth
Submission from: (NULL) (18.104.22.168)
Submitted by: hallvard
slapd does not apply the Assert control to non-database entries
(at least the root and subschema entries), yet does not reject
a critical control either.
I have not explored the magnitutde of the problem: Where the
control can get ignored, and which other controls are ignored.
$ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b "" -s base
$ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b cn=subschema -s base
-b "" -s sub does apply the control with database bdb + suffix "".
Don't know about back-sql.
However I imagine it varies how careful backends "" are about generating
the root DSE when suffix == "" so controls can be applied to it. Might
need a backend flag which says whether the backend does this, and reject
the critical controls with unwillingToPerform if this flag is not set.
With ITS#6753 I've centralized Compare processing into the frontend, so the
Assert control is now processed for non-database entries with this op. Someone
should take a look and see what other operations we need to worry about.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/