author | Nathan Kinder <nkinder@redhat.com> | 2009-05-13 11:12:11 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2009-05-13 11:12:11 -0700 |
commit | 0410819d48795fca4faf986cf8658c34c4d929e3 (patch) | |
tree | 0adaff658324a4b1ea7809fddad9da075be41517 /ldap/servers/slapd/slap.h | |
parent | 5381a78daee870cff14684fa9c7845ff363a6e7c (diff) | |
Add strict DN syntax enforcement option.
The DN syntax has become more restrictive over time, and the
current rules are quite strict. Strict adherence to the rules
defined in RFC 4514, section 3, would likely cause some pain to
client applications. Things such as spaces between the RDN
components are not allowed, yet many people use them still since
they were allowed in the previous specification outlined in RFC
1779.
To deal with the special circumstances around validation of the DN
syntax, a configuration attribute is provided named
nsslapd-dn-validate-strict. This configuration attribute will
ensure that the value strictly adheres to the rules defined in RFC
4514, section 3 if it is set to on. If it is set to off, the server
will normalize the value before checking it for syntax violations.
Our current normalization function was designed to handle DN values
adhering to RFC 1779 or RFC 2253.
Diffstat (limited to 'ldap/servers/slapd/slap.h')
-rw-r--r-- | ldap/servers/slapd/slap.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index cec186f9..724bef93 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1639,7 +1639,8 @@ typedef struct _slapdEntryPoints {
 #define CONFIG_SCHEMACHECK_ATTRIBUTE "nsslapd-schemacheck"
 #define CONFIG_SYNTAXCHECK_ATTRIBUTE "nsslapd-syntaxcheck"
 #define CONFIG_SYNTAXLOGGING_ATTRIBUTE "nsslapd-syntaxlogging"
-#define CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE "nsslapd-ds4-compatible-schema"
+#define CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE "nsslapd-dn-validate-strict"
+#define CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE "nsslapd-ds4-compatible-schema"
 #define CONFIG_SCHEMA_IGNORE_TRAILING_SPACES "nsslapd-schema-ignore-trailing-spaces"
 #define CONFIG_SCHEMAREPLACE_ATTRIBUTE "nsslapd-schemareplace"
 #define CONFIG_LOGLEVEL_ATTRIBUTE "nsslapd-errorlog-level"
@@ -1856,6 +1857,7 @@ typedef struct _slapdFrontendConfig {
 int schemacheck;
 int syntaxcheck;
 int syntaxlogging;
+ int dn_validate_strict;
 int ds4_compatible_schema;
 int schema_ignore_trailing_spaces;
 int secureport;
|
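Review bot: Neither the new `CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE` define in the first hunk nor the `dn_validate_strict` field added to `_slapdFrontendConfig` in the second hunk says what the setting means; the field is a bare `int` like its neighbours. Going by the commit description, a comment on the field such as `/* on: enforce RFC 4514 section 3 DN syntax; off: normalize the DN before syntax checking */` would record that off is the lenient mode, in which the syntax check presumably sees the normalizer's output rather than the raw client value. The default value and the relationship to `syntaxcheck` are not visible here (the diffstat is limited to slap.h), so the comment should also state the intended default once that is confirmed against the config code. Both the define list and the struct start and end outside these hunks.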