#49283 memberOf plug-in doesn't perform syntax checking when not enabled
Opened 2 years ago by ilias95. Modified 3 months ago

Issue Description

The memberOf doesn't perform syntax checking when not enabled. So somebody can disable the plug-in, then set some invalid attribute (using lib389's dsconf for example). If they later enable the plug-in again Directory Server will fail.

Package Version and Platform

Git master on Fedora 25.

Steps to reproduce

  1. Disable memberOf plugin and restart the server.
  2. Set some illegal value to any of each attributes (using lib389's dsconf for example).
  3. Enable the plugin and try to restart the server again.

I'll promptly attach a reproducer.


I think the way to solve this is to make a memberOf objectClasses type, that has the properly defined attributes in syntax. We need a new syntax type that validates "valid objectClass" and "valid attribute type".

So we would have say:

memberOfAutoAddOc ... .SYNTAX <new oid>

Where the new OID, is added to syntaxes, and it validates the content is a valid oc/attr according to schema.

This would allow offline checking of the type :)

Metadata Update from @firstyear:
- Custom field type adjusted to defect

2 years ago

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.3.7.0

2 years ago

Metadata Update from @mreynolds:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Issue set to the milestone: 1.4.2 (was: 1.3.7.0)

3 months ago

Login to comment on this ticket.

Metadata