Hi,
I try to modify an entry with permissive modify control. The response is protocole error : permissiveModify control value not absent.
I check with wireshark the request, and there was no value with the control, but the control was marked as critical.
The problem appears with openldap 2.5.x and 2.6.x with mdb database. It is ok with openldap 2.4.x with bdb database.
So is the permissive modify control supported with mdb database in openldap >= 2.5.x ?
Thank for your help
On Sat, Mar 30, 2024 at 07:24:41AM -0000, lesignor@cirad.fr wrote:
Hi,
I try to modify an entry with permissive modify control. The response is protocole error : permissiveModify control value not absent.
I check with wireshark the request, and there was no value with the control, but the control was marked as critical.
There is a difference between no value and empty value. Can you recheck?
The problem appears with openldap 2.5.x and 2.6.x with mdb database. It is ok with openldap 2.4.x with bdb database.
This check hasn't changed since 2.4.32 (released in 2012).
So is the permissive modify control supported with mdb database in openldap >= 2.5.x ?
back-mdb does indeed handle permissive modify control.
Regards,
Thank you for you answer.
The problem is with the interpretation of the specification. Some client implementation consider the control must have an empty value (Microsoft implementation) instead of a "null" value
I opened the ticket ITS#10195 to describe that.
There was an old ticket ITS#7298, that ask to change the implementation from an empty value to a null value.
I think, the best would be to have an implementation that accept both empty or null value for this control.
I hope that this approach will be adopted by openldap team.
openldap-technical@openldap.org
-
lesignor@cirad.fr -
Ondřej Kuzník