manu@OpenLDAP.org wrote:
Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays
Modified Files: constraint.c 1.14 -> 1.15
Log Message: Add attribute size and count constraints to slapo-constraint
Approved by Ando
Usage example:
    overlay constraint
    constraint_attribute jpegPhoto size 131072
    constraint_attribute userPassword count 3
Just as an aside, I'll note that back-ndb already requires maximum sizes to be configured for all attribute types. Currently it uses the {size} defined in the schema, and it also allows an explicit attrlen to be configured for specific attributes. It might be useful to write the size constraints configured here into the schema structure as well.
Howard Chu writes:
> Just as an aside, I'll note that back-ndb already requires maximum sizes to be configured for all attribute types. Currently it uses the {size} defined in the schema,
What? This sounds bad, if you mean the 'SYNTAX syntaxoid{size}' part of attribute definitions. That's the minimum allowed max size. Using that is the equivalent of a C90 compiler which rejects string literals and logical source lines > 509 characters (of which OpenLDAP has several), and objects (such as malloc sizes) > 32767 bytes.
Most attribute type definitions do not set a {size} though, so since one would need to do the following for most attrs I suggest to drop the bad default for the ones which do use {size}:
> and it also allows an explicit attrlen to be configured for specific attributes. It might be useful to write the size constraints configured here into the schema structure as well.
Not as regular ASN.1 SIZE constraints, I think, since that'd differ from the attribute's standard schema definition. But an X-SIZE would be OK; OpenLDAP is already adding private 'X-' extensions to standard schema elements.