[389-devel] Please review (revised): [Bug 560827] Admin Server templates: DistinguishName validation fails

Noriko Hosoi nhosoi at redhat.com
Wed Feb 3 21:25:19 UTC 2010 

Thanks to Rich and Nathan for their comments and even debugging my code 
:).  I revised the proposal based upon their suggestions.

Summary: Admin Server templates: DistinguishName validation fails

https://bugzilla.redhat.com/show_bug.cgi?id=560827

Description of problem:
Some template file contains double quotes in the DN string, which
are not escaped.

Sample broken entry in 01nsroot.ldif.tmpl
dn: ou="uid=%as_uid%, ou=Administrators, ou=TopologyManagement,
o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
objectClass: top
objectClass: organizationalUnit
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all)
userdnattr="creatorsname";)
ou: uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot

Related bug:
https://bugzilla.redhat.com/show_bug.cgi?id=555577
555577 -  Syntax validation fails for "ou=NetscapeRoot" tree

[Proposed fix (ldapserver)]
  -->  (https://bugzilla.redhat.com/attachment.cgi?id=388648)
git patch file (ldapserver)

Description: adding a perl subroutine dnEscape to escape special
characters and eliminate spaces around ',', which is to make
the given dn compliant with RFC4514.

[Proposed fix (adminserver)]
  -->  (https://bugzilla.redhat.com/attachment.cgi?id=388650)
git patch file (adminserver)

Description:
admserv/newinst/src/dirserver.map.in
                    /register_param.map.in
  --- added escapedrootdn key, which is an escaped rootdn compliant
      with RFC4514
admserv/schema/ldif/*.tmpl
  --- removed unescaped '"' from dn strings, which violates RFC4514.
      escaped special characters ('=' and ',') which used to be a
      value surrounded in the double quotes '"'.
      removed spaces around ','


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6646 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-devel/attachments/20100203/3d49469f/attachment.bin

More information about the 389-devel mailing list