Thanks to nkinder(a)redhat.com for his reviews and comments. Following his
findings, these bugs were fixed.
1) If nsslapd-dn-validate-strict is set, check the incoming DNs and reject them
if they are not valid. Once approved, the DNs are normalized.
2) Function in the acl plugin acllas__client_match_URL was calling
slapi_dn_normalize_ext against URL (not DN), which was not a correct usage of
the API. Now, the strict DN part is passed to the API.
3) Fixed typos in the acl plugin.
https://bugzilla.redhat.com/attachment.cgi?id=409036&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=409036&action=edit
Thanks,
--noriko
On 4/21/10 4:22 PM, Noriko Hosoi wrote:
Background info:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing
special
characters
Bug 567968 - subtree/user level password policy created using
389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails,
modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN
<type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly