ando@OpenLDAP.org writes:
> null.c 1.25 -> 1.26 declare support for read controls (ITS#5757)
Hold on.
LDAP_CONTROL_PAGEDRESULTS requires LDAP_CONTROL_PAGEDRESULTS to be sent in the search response. Does the frontend do that? back-bdb does it "by hand".
Clients may use LDAP_CONTROL_ASSERT to check something they want to know, not just to ensure they don't update entries with unexpected contents.
I suppose we could evaluate the filter against an empty entry with just the DN filled in - as if the rest were hidden by access controls. Though since back-null is a liar - it cannot present a consistent view of whether data are present or not - it may be better to be conservative and always return Assertion Failed.
I don't know the requirements of the other controls/extensions.
Hallvard B Furuseth wrote:
> ando@OpenLDAP.org writes:
> > null.c 1.25 -> 1.26 declare support for read controls (ITS#5757)
> Hold on.
> LDAP_CONTROL_PAGEDRESULTS requires LDAP_CONTROL_PAGEDRESULTS to be sent in the search response. Does the frontend do that? back-bdb does it "by hand".
Correct.
> Clients may use LDAP_CONTROL_ASSERT to check something they want to know, not just to ensure they don't update entries with unexpected contents.
> I suppose we could evaluate the filter against an empty entry with just the DN filled in - as if the rest were hidden by access controls. Though since back-null is a liar - it cannot present a consistent view of whether data are present or not - it may be better to be conservative and always return Assertion Failed.
Sounds fine.
> I don't know the requirements of the other controls/extensions.
I believe manageDSAit and subentries are fine. Probably, some of the write controls may be safely accepted.
I believe manageDSAit and subentries are fine. Probably, some of the write controls may be safely accepted.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
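The first point in the thread concerns the pagedResults response control (RFC 2696) that a server has to attach to SearchResultDone once it accepts the request control. The following is an added example, not part of the thread and not OpenLDAP code: it encodes and decodes the control value and checks a response for it. All function names and the dict-based response shape are assumptions made for illustration.

```python
# Added illustration; not OpenLDAP code. Names below are hypothetical.
PAGED_OID = "1.2.840.113556.1.4.319"  # pagedResults control OID, RFC 2696

def _len(n):
    # BER definite length: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, content):
    return bytes([tag]) + _len(len(content)) + content

def encode_paged_value(size, cookie):
    # realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }
    num = size.to_bytes(size.bit_length() // 8 + 1, "big")  # non-negative INTEGER
    return _tlv(0x30, _tlv(0x02, num) + _tlv(0x04, cookie))

def _read(buf, pos):
    # Read one TLV at pos; return (tag, content, position after it)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        k = first & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated TLV content")
    return tag, buf[pos:pos + length], pos + length

def decode_paged_value(value):
    tag, seq, end = _read(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("not a single SEQUENCE")
    t1, size, p = _read(seq, 0)
    t2, cookie, p = _read(seq, p)
    if (t1, t2) != (0x02, 0x04) or p != len(seq):
        raise ValueError("unexpected control value layout")
    return int.from_bytes(size, "big"), cookie

def check_search_done(request_oids, response_controls):
    # response_controls: {oid: value bytes} taken from SearchResultDone
    if PAGED_OID not in request_oids:
        return "not requested"
    if PAGED_OID not in response_controls:
        return "missing response control"
    _size, cookie = decode_paged_value(response_controls[PAGED_OID])
    return "more pages" if cookie else "final page"
```

A backend with no data to page through would send size 0 and an empty cookie, which encodes to the seven bytes `30 05 02 01 00 04 00`.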