Howard Chu writes:
Hallvard B Furuseth wrote:
Changing the -devel thread's example a bit, I'd say 2.3 accepted one dangerous bug, one unambiguous but possibly misleading format (a modify record both with and without "add/delete/replace: attribute" lines), and one safe format (changetype: modify but no "add/delete/replace"):
No. If you (foolishly or unluckily) have attributes in your schema named "add", "delete", or "replace" then in <=2.3 you are completely hosed. There are no unambiguous or safe cases in these malformed inputs.
Well, you'd have to use "add/delete/replace:". ldapmodify only noticed those keywords after "-", "dn:" and "changetype:" lines.
But I agree those attribute names make things icky. And they still do, because "changetype:" is optional. This LDIF:

    dn: dc=example,dc=com
    add: foo
    foo: bar

affects attr "foo" with ldapmodify, but "add" and "foo" with ldapadd.
The current change seems to me to require either too little or too much RFC 2849 conformance in ldapmodify. (Require the final "-" and it gets stricter.)
OTOH it would be an LDIF-compatible extension to make the attribute description in "attribute: value" optional after "add/replace/delete: attribute". Then one could omit the terminating "-" too.
Likewise, this is unsafe.
Why so? Treat a ": value" line followed by a "whatever:" line as if there was a "-" line between. "delete/replace: attr" not followed by attribute value lines might need a "-" after it though.
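
The dn:/add:/foo: record from the thread, read both ways, as an added example that is not part of the original messages and is not OpenLDAP's code. It is a simplified Python model (no continuation lines or base64 values; treating a bare attribute line as an implicit add is an assumption), and `ambiguous` is a hypothetical lint that flags records whose meaning depends on which tool reads them.

```python
# Simplified model of the two readings discussed above; not OpenLDAP's parser.
MOD_OPS = {"add", "delete", "replace"}

def parse_lines(record):
    """Split a record into (name, value) pairs; a '-' line becomes ('-', None)."""
    pairs = []
    for line in record.strip().splitlines():
        line = line.strip()
        if line == "-":
            pairs.append(("-", None))
        elif line:
            name, _, value = line.partition(":")
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def as_content(record):
    """ldapadd-style reading: every line after dn: is an attribute of the entry."""
    attrs = {}
    for name, value in parse_lines(record):
        if name not in ("dn", "-"):
            attrs.setdefault(name, []).append(value)
    return attrs

def as_change(record):
    """ldapmodify-style reading: add/delete/replace are keywords only when they
    directly follow a dn:, changetype: or '-' line."""
    mods, current, expect_op = [], None, False
    for name, value in parse_lines(record):
        if name in ("dn", "changetype", "-"):
            expect_op, current = True, None
        elif expect_op and name in MOD_OPS:
            current = (name, value.lower(), [])
            mods.append(current)
            expect_op = False
        else:
            if current is None or current[1] != name:
                current = ("add", name, [])  # assumption: bare line = implicit add
                mods.append(current)
            current[2].append(value)
            expect_op = False
    return mods

def ambiguous(record):
    """True when a record without changetype: touches different attributes
    under the two readings."""
    names = [n for n, _ in parse_lines(record)]
    content = sorted(as_content(record))
    change = sorted({m[1] for m in as_change(record)})
    return "changetype" not in names and content != change

SAMPLE = "dn: dc=example,dc=com\nadd: foo\nfoo: bar\n"  # the LDIF from the thread
```
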