ando@OpenLDAP.org writes:
> Tag: OPENLDAP_REL_ENG_2_3
> entry.c 1.129.2.13 -> 1.129.2.14 import fix to ITS#5071
This (/* require ';binary' when appropriate (ITS#5071) */) is a functionality change which can prevent people from upgrading. I don't think that belongs so late in RE23's life cycle.
Hallvard B Furuseth wrote:
> ando@OpenLDAP.org writes:
>> Tag: OPENLDAP_REL_ENG_2_3
>> entry.c 1.129.2.13 -> 1.129.2.14 import fix to ITS#5071
> This (/* require ';binary' when appropriate (ITS#5071) */) is a functionality change which can prevent people from upgrading. I don't think that belongs so late in RE23's life cycle.
You can't load a certificate without ';binary' using ldapadd/ldapmodify; this fix makes slapadd consistent with LDAP operations, so I don't think it's going to break things that much.
Given that without this if you add certificates without ';binary' you won't be able to search with "(userCertificate;binary=*)", nor to get them back by requesting "userCertificate;binary", I believe late or not the pros overcome any cons.
But, of course, I'll be happy to back it up if there's no consensus (I just gave it for granted).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
--On August 3, 2007 11:49:23 PM +0200 Pierangelo Masarati ando@sys-net.it wrote:
> Hallvard B Furuseth wrote:
>> ando@OpenLDAP.org writes:
>>> Tag: OPENLDAP_REL_ENG_2_3
>>> entry.c 1.129.2.13 -> 1.129.2.14 import fix to ITS#5071
>> This (/* require ';binary' when appropriate (ITS#5071) */) is a functionality change which can prevent people from upgrading. I don't think that belongs so late in RE23's life cycle.
> You can't load a certificate without ';binary' using ldapadd/ldapmodify; this fix makes slapadd consistent with LDAP operations, so I don't think it's going to break things that much.
> Given that without this if you add certificates without ';binary' you won't be able to search with "(userCertificate;binary=*)", nor to get them back by requesting "userCertificate;binary", I believe late or not the pros overcome any cons.
> But, of course, I'll be happy to back it up if there's no consensus (I just gave it for granted).
Looks like a valid bug fix to me. It simply prevents broken behavior that left things in a bad state, so I don't really think it is a functionality change.
--Quanah
-- Quanah Gibson-Mount, Principal Software Engineer, Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
Pierangelo Masarati wrote:
> Hallvard B Furuseth wrote:
>> ando@OpenLDAP.org writes:
>>> Tag: OPENLDAP_REL_ENG_2_3
>>> entry.c 1.129.2.13 -> 1.129.2.14 import fix to ITS#5071
>> This (/* require ';binary' when appropriate (ITS#5071) */) is a functionality change which can prevent people from upgrading. I don't think that belongs so late in RE23's life cycle.
> You can't load a certificate without ';binary' using ldapadd/ldapmodify; this fix makes slapadd consistent with LDAP operations, so I don't think it's going to break things that much.
I also think it's good to have this fixed in RE23.
Ciao, Michael.
Michael Ströder wrote:
> Pierangelo Masarati wrote:
>> Hallvard B Furuseth wrote:
>>> ando@OpenLDAP.org writes:
>>>> Tag: OPENLDAP_REL_ENG_2_3
>>>> entry.c 1.129.2.13 -> 1.129.2.14 import fix to ITS#5071
>>> This (/* require ';binary' when appropriate (ITS#5071) */) is a functionality change which can prevent people from upgrading. I don't think that belongs so late in RE23's life cycle.
>> You can't load a certificate without ';binary' using ldapadd/ldapmodify; this fix makes slapadd consistent with LDAP operations, so I don't think it's going to break things that much.
> I also think it's good to have this fixed in RE23.
On a related note: I've noticed that even deleting ALL certificates of an entry using ldapmodify requires
    dn: cn=anyone
    changetype: modify
    delete: userCertificate;binary
    -
In fact,
    dn: cn=anyone
    changetype: modify
    delete: userCertificate
    -
fails even if there's nothing to transport and thus the ';binary' is useless...
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
Pierangelo Masarati writes:
>> This (/* require ';binary' when appropriate (ITS#5071) */) is a functionality change which can prevent people from upgrading. I don't think that belongs so late in RE23's life cycle.
> You can't load a certificate without ';binary' using ldapadd/ldapmodify; this fix makes slapadd consistent with LDAP operations, so I don't think it's going to break things that much.
Oh, OK.
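Added example, not part of the thread and not OpenLDAP code: a pre-import check for the situation discussed above, which scans LDIF for certificate attributes written without ';binary' before the file is given to slapadd or ldapmodify. The attribute list (taken from RFC 4523), the function names and the sample LDIF are assumptions constructed for illustration.

```python
# Assumption: RFC 4523 attribute types that are transferred with ';binary'.
BINARY_TRANSFER = {"usercertificate", "cacertificate", "crosscertificatepair",
                   "authorityrevocationlist", "certificaterevocationlist",
                   "deltarevocationlist", "supportedalgorithms"}
MOD_OPS = {"add", "delete", "replace"}  # modify lines whose value names an attribute
# Constructed sample; the base64 values are placeholders, not real certificates.
SAMPLE = """\
dn: cn=alice,dc=example,dc=com
userCertificate:: Q09OU1RSVUNURUQt
 UExBQ0VIT0xERVI=

dn: cn=bob,dc=example,dc=com
UserCertificate;Binary:: Q09OU1RSVUNURUQ=

dn: cn=anyone
changetype: modify
delete: userCertificate
-
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def needs_binary(desc):
    """True if desc names a listed attribute type without the ';binary' option."""
    base, *options = desc.strip().lower().split(";")
    return base in BINARY_TRANSFER and "binary" not in options

def find_missing_binary(text):
    """Return (dn, attribute description) pairs that omit ';binary'."""
    findings, dn = [], None
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # skip blank lines, '-' separators and comments
        if name.lower() == "dn":
            dn = rest.strip()
        elif needs_binary(name):
            findings.append((dn, name))
        elif name.lower() in MOD_OPS and needs_binary(rest):
            findings.append((dn, rest.strip()))
    return findings
```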