Thanks, Pierangelo and Harpreet, for your reply.
As you suggested, per the latest RFC specification, it is a good idea, for those attributes that don't have validators or where the validators are all NULL, to remove those attributes from the *.schema files and those syntaxes from the hardcoded code files.
So, any idea in which OpenLDAP release those attributes will be removed from the schema and the hardcoded code?
But currently, since these attributes are defined and hardcoded in the OpenLDAP code,
the problem is I can't redefine it in a custom schema with exactly the same name, "protocol information", as the OpenLDAP service will not start.
I have to define it as protocol informationXXX or something different to make it work,
but then it will break the schema for our product, which we also use for other LDAP servers.
Also, I am thinking there is another solution to this bug: in the OpenLDAP code, in the files /servers/slapd/modify.c and entry.C, if all the validators are NULL, then it should skip the check for validation and the throwing of the error "no validator for syntax". In that way OpenLDAP will allow modifying/adding values for those attributes having all NULL validators, without enforcing.
if ( ATLEAST ONE VALIDATOR PRESENT ) /* pseudocode */
{
    if ( !pretty && !validate ) {
        *text = "no validator for syntax";
        snprintf( textbuf, textlen,
            "%s: no validator for syntax %s",
            ml->sml_type.bv_val,
            ad->ad_type->sat_syntax->ssyn_oid );
        *text = textbuf;
        return LDAP_INVALID_SYNTAX;
    }
}
Thanks and Regards,
Prashant
Message: 19
Date: Mon, 29 Sep 2008 20:25:14 +0200
From: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: Bug- Enforcing validation when validator is NULL
To: Prashant kulkarni <prashantk100@gmail.com>
Cc: openldap-bugs@openldap.org
Message-ID: <48E11D8A.7090706@sys-net.it>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Prashant kulkarni wrote:
When I am trying to add/edit the value to the attribute "protocol information" which is required in our schema I am getting the error
Invalid syntax :protocol information: no validator for syntax 1.3.6.1.4.1.1466.115.121.1.42
From the earlier mailing list I have found that the problem seems to be a lack of validations in the schema_init.c source code for the attribute 'Protocol Information'.
This attribute, protocolInformation, is defined in core.schema:
{"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )", 0, NULL, NULL, NULL},
This syntax has been removed from RFC 2252 when revised in RFC 4517, as explicitly indicated in notes 21 and 28 to Appendix B of the latter. This is because, although mentioned in RFC 2252, those syntaxes were not defined, thus posing interoperability problems. I believe OpenLDAP should move one step forward toward RFC 451* compliance by removing (actually, marking as OBSOLETE) those attributes from *.schema files and those syntaxes from hardcoded ones.
Including values like dnPretty, UTF8StringValidate, etc. in the code instead of NULL values will resolve my problem, but then that requires a custom build, and I have to do it for all the attributes where validation is defined as NULL.
Not entirely true: you could implement a run-time module that looks up those syntaxes and modifies the appropriate pointers right after initialization. Unless there are significant changes in the related slapd structures or API, your module would seamlessly breeze through minor and even major releases.
Furthermore, if those syntaxes are removed from the hardcoded ones, you could define them via a custom schema file using the X-SUBST feature (ITS#5663) recently introduced in HEAD code. It allows providing a substitute syntax for unimplemented ones.
I personally feel that for those attributes where validation is NULL in schema_init.c and other schema files, OpenLDAP should not force the validation and give this error message, as all these attributes for which validation is not defined become unusable.
In Tivoli/Sun and Microsoft Active Directory LDAP, validation is not enforced where validation is defined as NULL; hence I am not getting this kind of error in Tivoli/Sun and Microsoft Active Directory when editing this attribute.
So, any idea how to resolve this? Is there any way to modify any of the config files in OpenLDAP to disable this validation for protocol information? Do I have to raise a bug request for the same, and is this going to be fixed in the next OpenLDAP release?
Any help and suggestions in this direction are highly appreciated.
I personally believe the absence of a validator for those syntaxes is the safest thing OpenLDAP can do to prevent further interoperability issues. The workaround illustrated above should allow you to circumvent your problem without too much harm. Of course, that's my personal opinion, which might differ from that of the OpenLDAP project.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------
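
Added example (not part of the original messages and not OpenLDAP code): a self-contained C model of the "no validator for syntax" check and of the run-time fix-up discussed above, where a validator pointer is installed after initialization instead of the check being skipped. The model_* names, the struct, the stand-in validator and the table are hypothetical; only the two syntax OIDs and the LDAP_INVALID_SYNTAX result code (0x15) are real.

```c
#include <stdio.h>
#include <string.h>
#define LDAP_SUCCESS 0
#define LDAP_INVALID_SYNTAX 0x15
/* Simplified stand-in for a slapd syntax entry (hypothetical, not the real struct). */
typedef int (*validate_fn)(const char *val, size_t len);
struct model_syntax { const char *oid; validate_fn validate, pretty; };

/* Stand-in validator: rejects empty values and control characters. */
static int model_string_validate(const char *v, size_t n) {
    if (n == 0) return LDAP_INVALID_SYNTAX;
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)v[i] < 0x20) return LDAP_INVALID_SYNTAX;
    return LDAP_SUCCESS;
}
/* Constructed table: .15 has a validator, .42 has none (all NULL). */
static struct model_syntax table[] = {
    { "1.3.6.1.4.1.1466.115.121.1.15", model_string_validate, NULL },
    { "1.3.6.1.4.1.1466.115.121.1.42", NULL, NULL },
};

static struct model_syntax *model_syn_find(const char *oid) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].oid, oid) == 0) return &table[i];
    return NULL;
}
/* Same rule as the check quoted above: refuse when nothing can vet the value. */
int model_check_value(const char *oid, const char *val) {
    struct model_syntax *s = model_syn_find(oid);
    if (!s || (!s->pretty && !s->validate)) return LDAP_INVALID_SYNTAX;
    validate_fn f = s->pretty ? s->pretty : s->validate;
    return f(val, strlen(val));
}

/* Run-time fix-up: borrow another syntax's validator; never skip the check. */
int model_substitute(const char *oid, const char *subst_oid) {
    struct model_syntax *s = model_syn_find(oid), *d = model_syn_find(subst_oid);
    if (!s || !d || !d->validate) return -1;
    if (!s->validate) s->validate = d->validate;
    return 0;
}

int main(void) {
    const char *pi = "1.3.6.1.4.1.1466.115.121.1.42";
    printf("before: %d\n", model_check_value(pi, "constructed value"));
    model_substitute(pi, "1.3.6.1.4.1.1466.115.121.1.15");
    printf("after:  %d\n", model_check_value(pi, "constructed value"));
    return 0;
}
```

After the fix-up the attribute becomes usable, yet a value the borrowed validator rejects is still refused, which is the difference from skipping the check when every pointer is NULL.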