diff options
author | Nathan Kinder <nkinder@redhat.com> | 2009-05-13 11:12:11 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2009-05-13 11:12:11 -0700 |
commit | 0410819d48795fca4faf986cf8658c34c4d929e3 (patch) | |
tree | 0adaff658324a4b1ea7809fddad9da075be41517 /ldap/ldif | |
parent | 5381a78daee870cff14684fa9c7845ff363a6e7c (diff) | |
download | ds-0410819d48795fca4faf986cf8658c34c4d929e3.tar.gz ds-0410819d48795fca4faf986cf8658c34c4d929e3.tar.xz ds-0410819d48795fca4faf986cf8658c34c4d929e3.zip |
Add strict DN syntax enforcement option.
The DN syntax has become more restrictive over time, and the
current rules are quite strict. Strict adherence to the rules
defined in RFC 4514, section 3, would likely cause some pain to
client applications. Things such as spaces between the RDN
components are not allowed, yet many people use them still since
they were allowed in the previous specification outlined in RFC
1779.
To deal with the special circumstances around validation of the DN
syntax, a configuration attribute is provided named
nsslapd-dn-validate-strict. This configuration attribute will
ensure that the value strictly adheres to the rules defined in RFC
4514, section 3 if it is set to on. If it is set to off, the server
will normalize the value before checking it for syntax violations.
Our current normalization function was designed to handle DN values
adhering to RFC 1779 or RFC 2253
Diffstat (limited to 'ldap/ldif')
-rw-r--r-- | ldap/ldif/template-dse.ldif.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in index 232d9f2e..54a9c4f4 100644 --- a/ldap/ldif/template-dse.ldif.in +++ b/ldap/ldif/template-dse.ldif.in @@ -25,6 +25,7 @@ nsslapd-enquote-sup-oc: off nsslapd-localhost: %fqdn% nsslapd-schemacheck: on nsslapd-syntaxcheck: on +nsslapd-dn-validate-strict: off nsslapd-rewrite-rfc1274: off nsslapd-return-exact-case: on nsslapd-ssl-check-hostname: on |